The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: bank hacking

Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million

Europol Arrests 26 SIM Swapping Fraudsters For Stealing Over $3 Million

March 16, 2020Ravie Lakshmanan
Europol, along with the Spanish and the Romanian national police, has arrested 26 individuals in connection with the theft of over €3.5 million ($3.9 million) by hijacking people's phone numbers via SIM swapping attacks. The law enforcement agencies arrested 12 and 14 people in Spain and Romania, respectively, as part of a joint operation against two different groups of SIM swappers, Europol said . The development comes as SIM swapping attacks are emerging as one of the biggest threats to telecom operators and mobile users alike. The increasingly popular and damaging hack is a clever social engineering trick used by cybercriminals to persuade phone carriers into transferring their victims' cell services to a SIM card under their control. The SIM swap then grants attackers access to incoming phone calls, text messages, and one-time verification codes (or one-time passwords ) that various websites send via SMS messages as part of the two-factor authentication (2FA) proc
UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

UniCredit Bank Suffers 'Data Incident' Exposing 3 Million Italian Customer Records

October 28, 2019Mohit Kumar
UniCredit, an Italian global banking and financial services company, announced today that it suffered a security incident that leaked some personal information belonging to at least 3 million of its domestic customers. Officially founded in 1870, UniCredit is Italy's biggest banking and financial services and one of the leading European commercial banks with more than 8,500 branches across 17 countries. What happened? — Though UniCredit did not disclose any details on how the data incident happened, the bank did confirm that an unknown attacker has compromised a file created in 2015 containing three million records relating only to its Italian customers. What type of information was compromised? — The leaked data contains personal information of 3 million customers, including their: Names Cities Telephone numbers Email addresses What type of information was not compromised? — Unicredit confirmed that the compromised user records did not include any other perso
Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

Russian Hacking Group Targeting Banks Worldwide With Evolving Tactics

August 21, 2019Swati Khandelwal
Silence APT , a Russian-speaking cybercriminal group, known for targeting financial organizations primarily in former Soviet states and neighboring countries is now aggressively targeting banks in more than 30 countries across America, Europe, Africa, and Asia. Active since at least September 2016, Silence APT group's most recent successful campaign was against Bangladesh-based Dutch-Bangla Bank, which lost over $3 million during a string of ATM cash withdrawals over a span of several days. According to a new report Singapore-based cybersecurity firm Group-IB shared with The Hacker News, the hacking group has significantly expanded their geography in recent months, increased the frequency of their attack campaigns, as well as enhanced its arsenal. The report also describes the evolution of the Silence hacking group from "young and highly motivated hackers" to one of the most sophisticated advanced persistent threat (APT) group that is now posing threats to bank
European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked

European Central Bank Shuts Down 'BIRD Portal' After Getting Hacked

August 16, 2019Swati Khandelwal
The European Central Bank (ECB) confirmed Thursday that it had been hit by a cyberattack that involved attackers injecting malware into one of its websites and potentially stealing contact information of its newsletter subscribers. Headquartered in Germany, the European Central Bank (ECB) is the central bank of the 19 European Union countries which have adopted the euro and is itself responsible for supervising the data protection practices of the banking system across these countries. In an official statement published Thursday, the ECB said unknown "unauthorized parties" had managed to breach its Banks' Integrated Reporting Dictionary (BIRD) website, which was hosted by a third-party provider, eventually forcing the bank to shut down the site. Launched in 2015, BIRD is a joint initiative of the Eurosystem to the euro zone's central banks and the banking system, which provides banks with a precise description of the data that aims to help reporting agents e
Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

January 17, 2019Swati Khandelwal
Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week , all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian citizens by hacking into their computers. The suspects carried out their attacks by scanning vulnerable computers on the Internet and infecting them with a custom Trojan malware to take full remote control of the systems. The group then apparently enabled key-logging on the infected computers in an attempt to capture banking credentials of victims when the owners of those infected computers fill in that information on any banking site or their digital currency wallet. Once getting a hold on the victims banking and financial data, the attackers logged into their online banking accounts
Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

October 03, 2018Swati Khandelwal
The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra . Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world. The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014. Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed " FASTCash ," that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server. FASTCash Hack
Dark Tequila Banking Malware Uncovered After 5 Years of Activity

Dark Tequila Banking Malware Uncovered After 5 Years of Activity

August 21, 2018Swati Khandelwal
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila , the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark Tequila has primarily been designed to steal victims' financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars. The list of targeted sites includes "Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services," the researchers say in a blog post . The malware gets delivered to the victims' comp
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

December 11, 2017Swati Khandelwal
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems' FedLink card processing system, which is used by 200 banks in Latin America
Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested

Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested

October 11, 2017Wang Wei
A Taiwanese bank has become the latest to fall victim to hackers siphoning off millions of dollars by targeting the backbone of the world financial system, SWIFT. SWIFT, or Society for Worldwide Interbank Telecommunication, is a global financial messaging system that thousands of banks and commercial organizations across the world use to transfer billions of dollars every day. Hackers reportedly last week managed to steal almost $60 Million from Far Eastern International Bank in Taiwan by planting malware on the bank's servers and through the SWIFT interbank banking system. According to Taiwanese state-owned news agency Central News Agency, most of the stolen money has now been recovered, with only $500,000 remaining, and authorities have made two arrests in connection with the bank cyber-heist. Far Eastern on Friday admitted that some unknown hackers managed to install malware on computers and servers within its organization, and most crucially, onto a SWIFT terminal emplo
Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

July 11, 2017Wang Wei
A 29-year-old Russian-born, Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was arrested in February, pleaded guilty on March 31 to wire fraud and on Monday, a federal court sentenced him to 110 months in prison. According to court documents , Tverdokhlebov was an active member of several highly exclusive Russian-speaking cybercriminal forums largely engaged in money laundering services, selling stolen sensitive data, and malware tools since at least 2008. Tverdokhlebov offered several illegal services on these underground forums, including the exchange of tools, services and stolen personal and financial information. The hacker also operated several botnets – a network of compromised ordinary home and office computers that are controlled by hackers and can be us
Hackers stole $800,000 from ATMs using Fileless Malware

Hackers stole $800,000 from ATMs using Fileless Malware

April 04, 2017Swati Khandelwal
Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks could not find any trace of malware on its ATMs or backend network or any sign of an intrusion. The only clue the unnamed bank's specialists found from the ATM's hard drive was — two files containing malware logs. The log files included the two process strings containing the phrases: "Take the Money Bitch!" and "Dispense Success." This small clue was enough for the researchers from the Russian security firm Kaspersky, who have been investigating the ATM heists, to find malware samples related to the ATM attack. In February, Kaspersky Labs reported that attackers managed to hit over 140 enterprises, including banks, telecoms, and government organizations, in th
New “Fileless Malware” Targets Banks and Organizations Spotted in the Wild

New "Fileless Malware" Targets Banks and Organizations Spotted in the Wild

February 08, 2017Swati Khandelwal
More than a hundred banks and financial institutions across the world have been infected with a dangerous sophisticated, memory-based malware that's almost undetectable, researchers warned. Newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with Fileless malware that resides solely in the memory of the compromised computers. Fileless malware was first discovered by the same security firm in 2014, has never been mainstream until now. Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system's RAM. Since the malware runs in the memory, the memory acquisition becomes useless once the system gets reboot
Polish Banks Hacked using Malware Planted on their own Government Site

Polish Banks Hacked using Malware Planted on their own Government Site

February 06, 2017Swati Khandelwal
In what considered to be the largest system hack in the country's history and a massive attack on the financial sector, several banks in Poland have been infected with malware. What's surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervision Authority (KNF) -- which, ironically, is meant to keep an eye out for the safety and security of financial systems in Poland. During the past week, the security teams at several unnamed Polish banks discovered malicious executables on the workstations of several banks. The KNF confirmed that their internal systems had been compromised by someone " from another country, " although no specifications were provided. After downloads of suspicious files that were infecting various banking systems had been discovered on the regulator's servers, the KNF decided to take down its entire system " in order to secure evidence. " Here's what happened: An
Police Arrest 5 Cyber Thieves Who Stole 3.2 Million From ATMs Using Malware

Police Arrest 5 Cyber Thieves Who Stole 3.2 Million From ATMs Using Malware

January 28, 2017Mohit Kumar
Law enforcement authorities from Europe and Russia have arrested five members of an international cyber criminal gang for stealing $3.2 million cash from ATMs using malware. Three of the suspects, Andrejs Peregudovs (41), of Latvia, Niklae Penkov (34) of Moldova, and Mihail Colibaba (30) of Romania, were arrested in Taiwan by the Taiwanese Criminal Investigation Bureau last summer, have already been sentenced to 5 years in prison for their role in a massive ATM heist operation, involving 22 individuals from 6 countries. The European-based cyber criminal gang used a variety of different hacking techniques to infect ATMs with malware and force them to dispense cash. According to Europol that began its investigation in early 2016, the gang used spear-phishing emails containing malicious attachments to target bank employees and penetrate the bank's internal networks. From there, the cyber crooks then located and hacked into the network of ATMs from the inside, and used a m
Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

January 22, 2017Mohit Kumar
A Russian computer hacker wanted by the FBI on hacking allegations was arrested and jailed in Spain earlier this week, while a decision on his extradition to the United States has yet to be made. The Guardia Civil, Spanish law enforcement agency officers, have detained 32-year-old Stanislav Lisov at Barcelona–El Prat Airport based on an international arrest warrant issued by Interpol at the request of the FBI. Lisov is arrested on suspicion of creating and operating the NeverQuest Banking Trojan , a nasty malware that targeted financial institutions across the world and caused an estimated damage of $5 Million. The arrest was made after U.S. intelligence agencies found that Russian hackers were behind the November 2016 election hacks that possibly influenced the presidential election in Donald Trump's favor. However, Spanish police made an official statement, saying that the FBI had requested the arrest of Lisov after an investigation that started in 2014. NeverQues
FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York

FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York

December 15, 2016Mohit Kumar
One of the FBI's most wanted hackers who was behind the largest theft of financial data has finally been arrested at the JFK airport in New York. Joshua Samuel Aaron is accused of being part of a hacking group that attacked several major financial institutions, including JPMorgan Chase , and according to the officials, which was "the largest theft of user data from a U.S. financial institution in history." Aaron was believed to have been living as a fugitive in Moscow, Russia after being charged with hacking crimes in 2015, which exposed the personal information of more than 100 Million people. On June 2015, a federal arrest warrant was issued for Aaron by the United States District Court, and the FBI and US secret service agents arrested him upon his arrival at the JFK airport in NY, announced the US Department of Justice. "Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of person
Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

November 07, 2016Mohit Kumar
Almost 20,000 Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fall victim to a hacking attack this weekend. As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the " online criminal activity. " However, customers can still use their debit and credit cards for cash withdrawals and card-based payments. Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend. The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a " big number but not a huge number. " If you have been affected by this incident, don't worry! Higgins has apo
ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers

ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers

August 24, 2016Wang Wei
Thailand has suffered its first ATM Hack! An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and other five provinces by hacking a Thai bank's ATM network; police said Wednesday The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were exploited to steal cash from the machines. The warning came shortly after the state-owned Government Savings Bank (GSB) shut down approximately 3,000 of their ATMs following an ongoing police investigation into the recent hack in which hackers were able to infect many its cash machines with malware. GSB found that millions of Thailand Baht were stolen between August 1 and 8 from 21 ATMs across the provinces of Bangkok, Phuket, Chumphon, Prachuap Khiri Khan, Phetchaburi, and Surat Thani, the Bangkok Post reports. The hackers made over 12.29 Million Thailand Baht (US$346,000) by inser
SWIFT Hackers Steal $10 Million From Ukrainian Bank

SWIFT Hackers Steal $10 Million From Ukrainian Bank

June 28, 2016Mohit Kumar
A Ukrainian bank has become the latest victim of the widespread cyber attack on global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT. Hackers have reportedly stolen $10 Million from an unnamed bank in Ukraine by exploiting the SWIFT international banking system, according to an independent IT monitoring organization called the Information Systems Audit and Control Association (ISACA). Swift or the Society for Worldwide Interbank Financial Telecommunication is the global banking messaging system responsible for managing Billions of dollars in money transfers each day between financial institutions worldwide. The ISACA branch in Ukraine, who has been hired by the targeted bank to investigate the heist, disclosed that some unknown hackers were able to compromise the bank's security in similar way they hacked Bangladesh central bank and stole $81m (£56m), the Kyiv Post reports. "At the current moment, dozens of ba
Russia arrests 50 hackers who stole $25 million from Banks

Russia arrests 50 hackers who stole $25 million from Banks

June 03, 2016Mohit Kumar
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.