Categories: Security

$1bn Stolen In World’s Biggest Cyber Heist

A cyber-crime ring has stolen almost $1bn (£648m) from banks and financial institutions in 30 countries over the past two years, in one of the world’s biggest bank heists to date, according to security firm Kaspersky Lab.

The “unprecedented” thefts were carried out using malware that infected the internal systems of up to 100 organisations, mostly in Russia, but also in countries including the US, Germany, China, the Ukraine and Canada, according to the firm.

A gang with members in Russia, the Ukraine and China used information obtained by the malware to transfer funds to accounts in other countries or to cause cash machines to dispense funds at predetermined times, according to Kaspersky.

The thefts were limited to $10m per incident, but Kaspersky said it has seen evidence of at least $300m in stolen funds caused by the gang, and said the total so far could be up to $1bn.

One bank lost $7.3m through cash machine withdrawals alone, according to the report.

In the report, Kaspersky said the thefts mark a new stage of sophistication in cyber-crime in which “malicious users steal money directly from banks and avoid targeting end users”.

On average, each theft took between two and four months, as the criminals patiently studied the target’s routines, so that the theft would not attract notice, Kaspersky said.


The criminals used booby-trapped emails to infect users’ computers with the Carbanak malware, which allowed them to install software that could send back video and screenshots of a users’ screens.

“These attacks again underline the fact that criminals will exploit any vulnerability in any system,” stated Sanjay Virmani, director of Interpol’s digital crime centre, which worked with Kaspersky on the investigation.

No affected bank has come forward so far to acknowledge a theft, and Kaspersky said its nondisclosure agreements with clients don’t permit it to name the organisations involved.

The Financial Services Information Sharing and Analysis Centre, an industry consortium that alerts banks about criminal activity, said members were briefed about Kaspersky’s report last month.

“We cannot comment on individual actions our members have taken, but on balance we believe our members are taking appropriate actions to prevent and detect these kinds of attacks and minimise any effects on their customers,” the group said in a statement.

Are you a security pro? Try our quiz!

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Google Warns Of Italian Spyware On Apple, Android Phones

Italian company's hacking tools have been used to spy on Apple, Android smartphones in Italy…

3 days ago

Intel Signals Delay To Ohio Factory Over US Chips Act Dispute

Chip maker warns new factory in Columbus, Ohio could be delayed or scaled back, over…

3 days ago

Silicon UK In Focus Podcast: Sustainable Business

How do sustainable businesses use technology to innovate? And as businesses want to connect sustainability…

3 days ago

Australia Fines Samsung Over Water-Resistance Claims

Samsung rapped over the knuckles by Australian regulator because of 'misleading' Galaxy smartphone water-resistance claims…

3 days ago

Amazon Reveals Alexa Option To Mimic Any Person’s Voice

Bereavement aid for those in mourning? Amazon's Alexa voice assistant could be programmed to sound…

3 days ago