After a large-scale raid across 15 regions of Russia, around fifty hackers have been arrested by the Russian authorities for stealing more than 1.7 billion rubles (over US$25 million) from banks and other financial institutions in the country since 2011. This is being referred to as the largest arrest of hackers to date in Russia.
Russia’s Federal Security Service reported yesterday that 18 of the 50 criminals arrested during the raids are currently behind bars. During the operation, some of the hackers tried to move a large part of their stolen money, but the Russian Interior Ministry managed to stop the transactions, which were worth $30 million (2,273 billion rubles).
Their houses were searched and massive numbers of computer devices and communication equipment were confiscated. Kaspersky says the group hacked into popular Russian news sites and hosted malware on their servers, infecting site visitors via drive-by downloads. The group allegedly used a Trojan called “Lurk” to set up a network of bots on infected computers to carry out the attacks. The Trojan is particularly dangerous because it operates in memory (inside the computer’s RAM, not on the hard drive), which makes it hard for most antivirus engines to detect.
The hackers then stole login names and passwords for users’ online bank accounts, especially accounts held at Sberbank, Russia’s largest bank in terms of assets held. Kaspersky reveals that the group used Tor, VPNs, compromised Wi-Fi connection points and hacked servers to hide their real IP addresses when attacking an organization.