The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: bank hacking

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

Ukrainian Police Arrest 6 Hackers Linked to DDoS and Financial Attacks

January 17, 2019Swati Khandelwal
Ukrainian Police have this week busted out two separate groups of hackers involved in carrying out DDoS attacks against news agencies and stealing money from Ukrainian citizens, respectively. According to the authorities, the four suspected hackers they arrested last week , all aged from 26 to 30 years, stole more than 5 million Hryvnia (around 178,380 USD) from the bank accounts of Ukrainian citizens by hacking into their computers. The suspects carried out their attacks by scanning vulnerable computers on the Internet and infecting them with a custom Trojan malware to take full remote control of the systems. The group then apparently enabled key-logging on the infected computers in an attempt to capture banking credentials of victims when the owners of those infected computers fill in that information on any banking site or their digital currency wallet. Once getting a hold on the victims banking and financial data, the attackers logged into their online banking accounts
Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

Bank Servers Hacked to Trick ATMs into Spitting Out Millions in Cash

October 03, 2018Swati Khandelwal
The US-CERT has released a joint technical alert from the DHS, the FBI, and Treasury warning about a new ATM scheme being used by the prolific North Korean APT hacking group known as Hidden Cobra . Hidden Cobra, also known as Lazarus Group and Guardians of Peace, is believed to be backed by the North Korean government and has previously launched attacks against a number of media organizations, aerospace, financial and critical infrastructure sectors across the world. The group had also reportedly been associated with the WannaCry ransomware menace that last year shut down hospitals and big businesses worldwide, the SWIFT Banking attack in 2016, as well as the Sony Pictures hack in 2014. Now, the FBI, the Department of Homeland Security (DHS), and the Department of the Treasury have released details about a new cyber attack, dubbed " FASTCash ," that Hidden Cobra has been using since at least 2016 to cash out ATMs by compromising the bank server. FASTCash Hack
Dark Tequila Banking Malware Uncovered After 5 Years of Activity

Dark Tequila Banking Malware Uncovered After 5 Years of Activity

August 21, 2018Swati Khandelwal
Security researchers at Kaspersky Labs have uncovered a new, complex malware campaign that has been targeting customers of several Mexican banking institutions since at least 2013. Dubbed Dark Tequila , the campaign delivers an advanced keylogger malware that managed to stay under the radar for five years due to its highly targeted nature and a few evasion techniques. Dark Tequila has primarily been designed to steal victims’ financial information from a long list of online banking sites, as well as login credentials to popular websites, ranging from code versioning repositories to public file storage accounts and domain registrars. The list of targeted sites includes "Cpanels, Plesk, online flight reservation systems, Microsoft Office 365, IBM Lotus Notes clients, Zimbra email, Bitbucket, Amazon, GoDaddy, Register, Namecheap, Dropbox, Softlayer, Rackspace, and other services," the researchers say in a blog post . The malware gets delivered to the victims' comp
Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

Newly Uncovered 'MoneyTaker' Hacker Group Stole Millions from U.S. & Russian Banks

December 11, 2017Swati Khandelwal
Security researchers have uncovered a previously undetected group of Russian-speaking hackers that has silently been targeting Banks, financial institutions, and legal firms, primarily in the United States, UK, and Russia. Moscow-based security firm Group-IB published a 36-page report on Monday, providing details about the newly-disclosed hacking group, dubbed MoneyTaker , which has been operating since at least May 2016. In the past 18 months, the hacking group is believed to have conducted more than 20 attacks against various financial organisations—stolen more than $11 Million and sensitive documents that could be used for next attacks. According to the security firm, the group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and SWIFT international bank messaging service (United States). " Criminals stole documentation for OceanSystems’ FedLink card processing system, which is used by 200 banks in Latin America
Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested

Hackers Steal $60 Million from Taiwanese Bank; Two Suspects Arrested

October 11, 2017Wang Wei
A Taiwanese bank has become the latest to fall victim to hackers siphoning off millions of dollars by targeting the backbone of the world financial system, SWIFT. SWIFT, or Society for Worldwide Interbank Telecommunication, is a global financial messaging system that thousands of banks and commercial organizations across the world use to transfer billions of dollars every day. Hackers reportedly last week managed to steal almost $60 Million from Far Eastern International Bank in Taiwan by planting malware on the bank's servers and through the SWIFT interbank banking system. According to Taiwanese state-owned news agency Central News Agency, most of the stolen money has now been recovered, with only $500,000 remaining, and authorities have made two arrests in connection with the bank cyber-heist. Far Eastern on Friday admitted that some unknown hackers managed to install malware on computers and servers within its organization, and most crucially, onto a SWIFT terminal emplo
Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

Russian Financial Cybercriminal Gets Over 9 Years In U.S. Prison

July 11, 2017Wang Wei
A 29-year-old Russian-born, Los Angeles resident has been sentenced to over nine years in prison for running botnets of half a million computers and stealing and trafficking tens of thousands of credit card numbers on exclusive Russian-speaking cybercriminal forums. Alexander Tverdokhlebov was arrested in February, pleaded guilty on March 31 to wire fraud and on Monday, a federal court sentenced him to 110 months in prison. According to court documents , Tverdokhlebov was an active member of several highly exclusive Russian-speaking cybercriminal forums largely engaged in money laundering services, selling stolen sensitive data, and malware tools since at least 2008. Tverdokhlebov offered several illegal services on these underground forums, including the exchange of tools, services and stolen personal and financial information. The hacker also operated several botnets – a network of compromised ordinary home and office computers that are controlled by hackers and can be us
Hackers stole $800,000 from ATMs using Fileless Malware

Hackers stole $800,000 from ATMs using Fileless Malware

April 04, 2017Swati Khandelwal
Hackers targeted at least 8 ATMs in Russia and stole $800,000 in a single night, but the method used by the intruders remained a complete mystery with CCTV footage just showing a lone culprit walking up to the ATM and collecting cash without even touching the machine. Even the affected banks could not find any trace of malware on its ATMs or backend network or any sign of an intrusion. The only clue the unnamed bank's specialists found from the ATM's hard drive was — two files containing malware logs. The log files included the two process strings containing the phrases: "Take the Money Bitch!" and "Dispense Success." This small clue was enough for the researchers from the Russian security firm Kaspersky, who have been investigating the ATM heists, to find malware samples related to the ATM attack. In February, Kaspersky Labs reported that attackers managed to hit over 140 enterprises, including banks, telecoms, and government organizations, in th
New “Fileless Malware” Targets Banks and Organizations Spotted in the Wild

New “Fileless Malware” Targets Banks and Organizations Spotted in the Wild

February 08, 2017Swati Khandelwal
More than a hundred banks and financial institutions across the world have been infected with a dangerous sophisticated, memory-based malware that's almost undetectable, researchers warned. Newly published report by the Russian security firm Kaspersky Lab indicates that hackers are targeting banks, telecommunication companies, and government organizations in 40 countries, including the US, South America, Europe and Africa, with Fileless malware that resides solely in the memory of the compromised computers. Fileless malware was first discovered by the same security firm in 2014, has never been mainstream until now. Fileless malware is a piece of nasty software that does not copy any files or folder to the hard drive in order to get executed. Instead, payloads are directly injected into the memory of running processes, and the malware executes in the system's RAM. Since the malware runs in the memory, the memory acquisition becomes useless once the system gets reboot
Polish Banks Hacked using Malware Planted on their own Government Site

Polish Banks Hacked using Malware Planted on their own Government Site

February 07, 2017Swati Khandelwal
In what considered to be the largest system hack in the country's history and a massive attack on the financial sector, several banks in Poland have been infected with malware. What's surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervision Authority (KNF) -- which, ironically, is meant to keep an eye out for the safety and security of financial systems in Poland. During the past week, the security teams at several unnamed Polish banks discovered malicious executables on the workstations of several banks. The KNF confirmed that their internal systems had been compromised by someone " from another country, " although no specifications were provided. After downloads of suspicious files that were infecting various banking systems had been discovered on the regulator's servers, the KNF decided to take down its entire system " in order to secure evidence. " Here's what happened: An
Police Arrest 5 Cyber Thieves Who Stole 3.2 Million From ATMs Using Malware

Police Arrest 5 Cyber Thieves Who Stole 3.2 Million From ATMs Using Malware

January 28, 2017Mohit Kumar
Law enforcement authorities from Europe and Russia have arrested five members of an international cyber criminal gang for stealing $3.2 million cash from ATMs using malware. Three of the suspects, Andrejs Peregudovs (41), of Latvia, Niklae Penkov (34) of Moldova, and Mihail Colibaba (30) of Romania, were arrested in Taiwan by the Taiwanese Criminal Investigation Bureau last summer, have already been sentenced to 5 years in prison for their role in a massive ATM heist operation, involving 22 individuals from 6 countries. The European-based cyber criminal gang used a variety of different hacking techniques to infect ATMs with malware and force them to dispense cash. According to Europol that began its investigation in early 2016, the gang used spear-phishing emails containing malicious attachments to target bank employees and penetrate the bank's internal networks. From there, the cyber crooks then located and hacked into the network of ATMs from the inside, and used a m
Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

Russian Hacker behind 'NeverQuest' Malware, Wanted by FBI, Is Arrested in Spain

January 22, 2017Mohit Kumar
A Russian computer hacker wanted by the FBI on hacking allegations was arrested and jailed in Spain earlier this week, while a decision on his extradition to the United States has yet to be made. The Guardia Civil, Spanish law enforcement agency officers, have detained 32-year-old Stanislav Lisov at Barcelona–El Prat Airport based on an international arrest warrant issued by Interpol at the request of the FBI. Lisov is arrested on suspicion of creating and operating the NeverQuest Banking Trojan , a nasty malware that targeted financial institutions across the world and caused an estimated damage of $5 Million. The arrest was made after U.S. intelligence agencies found that Russian hackers were behind the November 2016 election hacks that possibly influenced the presidential election in Donald Trump's favor. However, Spanish police made an official statement, saying that the FBI had requested the arrest of Lisov after an investigation that started in 2014. NeverQues
FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York

FBI Most Wanted Fugitive JPMorgan Hacker Arrested in New York

December 15, 2016Mohit Kumar
One of the FBI's most wanted hackers who was behind the largest theft of financial data has finally been arrested at the JFK airport in New York. Joshua Samuel Aaron is accused of being part of a hacking group that attacked several major financial institutions, including JPMorgan Chase , and according to the officials, which was "the largest theft of user data from a U.S. financial institution in history." Aaron was believed to have been living as a fugitive in Moscow, Russia after being charged with hacking crimes in 2015, which exposed the personal information of more than 100 Million people. On June 2015, a federal arrest warrant was issued for Aaron by the United States District Court, and the FBI and US secret service agents arrested him upon his arrival at the JFK airport in NY, announced the US Department of Justice. "Aaron allegedly worked to hack into the networks of dozens of American companies, ultimately leading to the largest theft of person
Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

Tesco Bank Hacked — Cyber Fraudsters Stole Money From 20,000 Accounts

November 07, 2016Mohit Kumar
Almost 20,000 Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fall victim to a hacking attack this weekend. As a result of the hack, Tesco Bank has frozen online transactions in an attempt to protect its customers from, what it described as, the “ online criminal activity. ” However, customers can still use their debit and credit cards for cash withdrawals and card-based payments. Tesco Bank has not disclosed any details of the cyber attack or how accounts had been compromised, but Benny Higgins, chief executive of Tesco, confirmed that the hack affected 40,000 of its 136,000 accounts, half of which had already been used to withdraw money fraudulently over the weekend. The bank would not disclose the total amount stolen from the accounts, but confirmed that the amount stolen was a " big number but not a huge number. " If you have been affected by this incident, don’t worry! Higgins has apo
ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers

ATMs in Thailand Hacked; 12 Million Baht Stolen; 10,000 ATMs Prone to Hackers

August 24, 2016Wang Wei
Thailand has suffered its first ATM Hack! An Eastern European gang of criminals has stolen over 12 Million Baht (approximately US$350,000) from a total of 21 ATMs in Bangkok and other five provinces by hacking a Thai bank's ATM network; police said Wednesday The Central Bank of Thailand (BoT) has issued a warning to all commercial banks about security flaws in roughly 10,000 ATMs that were exploited to steal cash from the machines. The warning came shortly after the state-owned Government Savings Bank (GSB) shut down approximately 3,000 of their ATMs following an ongoing police investigation into the recent hack in which hackers were able to infect many its cash machines with malware. GSB found that millions of Thailand Baht were stolen between August 1 and 8 from 21 ATMs across the provinces of Bangkok, Phuket, Chumphon, Prachuap Khiri Khan, Phetchaburi, and Surat Thani, the Bangkok Post reports. The hackers made over 12.29 Million Thailand Baht (US$346,000) by inser
SWIFT Hackers Steal $10 Million From Ukrainian Bank

SWIFT Hackers Steal $10 Million From Ukrainian Bank

June 28, 2016Mohit Kumar
A Ukrainian bank has become the latest victim of the widespread cyber attack on global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT. Hackers have reportedly stolen $10 Million from an unnamed bank in Ukraine by exploiting the SWIFT international banking system, according to an independent IT monitoring organization called the Information Systems Audit and Control Association (ISACA). Swift or the Society for Worldwide Interbank Financial Telecommunication is the global banking messaging system responsible for managing Billions of dollars in money transfers each day between financial institutions worldwide. The ISACA branch in Ukraine, who has been hired by the targeted bank to investigate the heist, disclosed that some unknown hackers were able to compromise the bank's security in similar way they hacked Bangladesh central bank and stole $81m (£56m), the Kyiv Post reports. "At the current moment, dozens of ba
Russia arrests 50 hackers who stole $25 million from Banks

Russia arrests 50 hackers who stole $25 million from Banks

June 03, 2016Mohit Kumar
Russian authorities have arrested a gang of 50 hackers suspected of stealing more than 1.7 Billion Rubles ( over US$25 Million ) from banks and other financial institutions in the country since 2011. The same criminal gang had tried to steal a further 2.273 Billion Roubles by issuing false payment instructions, but that were blocked. The group allegedly used a Trojan called " Lurk " to set up a network of bots on infected computers to carry out the attacks, according to Russia's FSB ( Federal Security Service ). Initially identified in 2012, Lurk is a "fileless" Trojan that runs in RAM and has mostly been used for collecting banking credentials, especially for banks in Eastern Europe and the Russian Federation. The criminal gang allegedly seeded some of Russia's most popular websites with Lurk. Once infected, the malware downloaded more software modules, allowing the hackers to gain remote access to victims' computers. The hackers then stole
Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

Fraudsters Stole ¥1.4 Billion from 1,400 Japanese ATMs in Just 3 Hours

May 23, 2016Mohit Kumar
In an era where major data hacks are on the rise, it is no surprise breaches on individuals are also up. In just three hours, over 100 criminals managed to steal ¥1.4 Billion ( approx. US$12.7 Million ) from around 1,400 ATMs placed in small convenience stores across Japan. The heist took place on May 15, between 5:00 am and 8:00 am, and looked like a coordinated attack by an international crime network. The crooks operated around 1,400 convenience store ATMs from where the cash was withdrawn simultaneously in 16 prefectures around Japan, including Tokyo, Osaka, Fukuoka, Kanagawa, Aichi, Nagasaki, Hyogo, Chiba and Nigata, The Mainichi reports . Also Read: Tyupkin Malware Hacking ATM Machines Worldwide Many ATM incidents involve a long-established technique called ' ATM Skimming ' in which criminals install devices to obtain card details via its magnetic stripe, or use ATM malware or from data breaches, and then work with so-called carders and money mules to pilfe
Ecuador Bank Hacked — $12 Million Stolen in 3rd Attack on SWIFT System

Ecuador Bank Hacked — $12 Million Stolen in 3rd Attack on SWIFT System

May 21, 2016Swati Khandelwal
Bangladesh is not the only bank that had become victim to the cyber heist . In fact, it appears to be just a part of the widespread cyber attack on global banking and financial sector by hackers who target the backbone of the world financial system, SWIFT. Yes, the global banking messaging system that thousands of banks and companies around the world use to transfer Billions of dollars in transfers each day is under attack. A third case involving SWIFT has emerged in which cyber criminals have stolen about $12 million from an Ecuadorian bank that contained numerous similarities of later attacks against Bangladesh’s central bank that lost $81 Million in the cyber heist . The attack on Banco del Austro (BDA) in Ecuador occurred in January 2015 and, revealed via a lawsuit filed by BDA against Wells Fargo, a San Francisco-based bank on Jan. 28, Reuters reported. Here’s how cyber criminals target banks: Uses malware to circumvent local security systems of a bank. Gains acces
Hacker Steals Money from Bank and Donates $11,000 to Anti-ISIS Group

Hacker Steals Money from Bank and Donates $11,000 to Anti-ISIS Group

May 19, 2016Mohit Kumar
Meet this Robin Hood Hacker: Phineas Fisher, who breached Hacking Team last year, revealed on Reddit Wednesday that he hacked a bank and donated the money to Kurdish anti-capitalists in Rojava autonomous region in northern Syria that borders territory held by the ISIS ( Islamic State militant group ). Fisher, also known as "Hack Back" and "@GammaGroupPR," claimed responsibility for both the Hacking Team and Gamma Group data breaches. The vigilant hacker donated 25 Bitcoin (worth around US$11,000) to a crowdfunding campaign known as the Rojan Plan, which has been set up by members of the Rojava’s economic committee, described by Fisher as "one of the most inspiring revolutionary projects in the world." Also Read:  Here's How Hackers Stole $80 Million from Bangladesh Bank The funds donated to the campaign came from a bank heist, though the hacker neither revealed the name of the bank nor provided any further details of the bank heist. Whe
Second Bank hit by Malware attack similar to $81 Million Bangladesh Heist

Second Bank hit by Malware attack similar to $81 Million Bangladesh Heist

May 13, 2016Swati Khandelwal
SWIFT, the global Society for Worldwide Interbank Financial Telecommunications, warned on Thursday of a second malware attack similar to the Bangladesh central bank hack one that led to $81 million cyber heist. In February,  $81 Million cyberheist at the Bangladesh central bank was carried out by hacking into SWIFT, the global financial messaging system that thousands of banks and companies around the world use to transfer billions of dollars every day. However, the hackers behind the cyber heist appear to be part of a comprehensive online attack on global banking and financial infrastructure. The second attack involving SWIFT targeted a commercial bank, which the company declined to identify. SWIFT also did not immediately clear how much money, if any, was stolen in the attack. However, SWIFT spokeswoman Natasha de Teran said that the second attack and the Bangladesh bank heist contained numerous similarities and were very likely part of a "wider and highly adaptive
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.