A notorious hacking gang has struck a bank again, this time taking about $910,000 from a Russian bank, according to a cyber-security firm.
Group-IB was called in to help Russia’s PIR Bank after it noticed the theft, said the firm.
The raid is believed to have been carried out by the MoneyTaker gang which has hit other financial firms.
In 2017 it was suspected of stealing nearly $10m from Russian, British and American companies.
In its report, Group-IB said the cash was taken in a series of transfers on 3 July via a computer at the bank to which the gang had obtained access.
Staff at PIR were able to stop some of the transfers, said Group-IB, but the gang’s swift action to "cash out" using paid helpers or "mules" at ATMs stopped the bank recovering much of it.
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies.
The attack began in late May, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise.
By taking over this router, the gang gained access to the bank’s internal network.
Once on the network, the gang took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the bogus transfers.
"Attacks on AWS-CBR are difficult to implement and are not conducted very often, because many hackers just cannot work on computers with AWS-CBR successfully," said Valeriy Baulin, head of Group-IB’s digital forensics lab.