Another joint investigation by Group-IB from Russia and Netherlands based company Fox-IT is finished. Group-IB specializes in cyber crime investigations and Fox-IT offers innovative cyber security solutions. As a result of their joint investigation a report about Anunak hackers group was released today. This group has been involved in targeted attacks and espionage since 2013.
Anunak’s targets in Russia and CIS countries are banks and payments systems while in Europe, USA and Latin America criminals were mainly focusing on retail networks as well as mass media resources.
Criminals use malware that goes under the “Anunak” title and allows for organized targeted attacks at banks and e-payment systems. Malefactors can easily get into banks networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself. If malefactors gain access to state institutions’ network, the goal is espionage.
When malefactors gain access to internal networks, they have total control over system administrators, record videos of key workers actions to understand how the work is organized. They then take control over e-mails to monitor internal communications and set up remote control to the network by changing its hardware parameters.
Experts discovered that hackers had access to cash machines management systems and could remotely infect them with malware for the purpose of getting money from them upon request in future.
In the report, Group-IB’s and Fox-IT’s experts describe in detail methods and software that were used by hackers, same methods and tools that can be used to protect networks and counter targeted attacks.
Key features highlighted by Group-IB’s and Fox-IT’s experts:
- Average theft in Russia and CIS countries for this group is 2 million US dollars.
- Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail companies. Most of the retail companies are outside of Russia, while not a single US/EU bank has been attacked.
- As of now more than 1 billion rubles has been stolen by the group in total, most of that during the last 6 months.
- Average time from the moment the group gains access to an internal network before the money is stolen equals 42 days.
Andy Chandler, Senior VP at Fox-IT said; “This is very serious and as soon as we could conclude our joint investigations we wanted to share the information and not just for our customers but everyone. They (Anunak) are very pro-active and at times innovating, when you look at the volumes of money, credit cards and intellectual property they have taken, this can only be described as a ‘professional’ criminal campaign with a high level of success and please believe they are not going away anytime soon.”
Today, the Anunak group is still in operation which is why Group-IB and Fox-IT forecast an increase in the number of targeted attacks in 2015.
