Russia’s FSB security service has said that it has detained a gang of 50 hackers who used a Trojan called “Lurk” to steal 3 billion roubles (approx. $25 million) from various Russian banks.
An investigation by Russia’s FSB, Kaspersky Lab and Sberbank has led to raids targeting 50 people allegedly involved in the cyber-plundering of various Russian bank accounts to the tune of over $45 million USD.
Raids were conducted in 15 regions of Russia. A press release by the FSB stated:
As a result of the searches, seizures included a large amount of computer equipment, communications equipment, banking cards issued on the nominees, financial documents and large sums of cash, confirming the illegality of their activities.
Nationwide raids saw 50 individuals detained, 18 of whom were arrested and are now behind bars in Moscow detention facilities.
According to the Interior Ministry, the same gang had attempted to steal a further 2.273 billion roubles via false payment instructions, which were duly blocked.
While the authorities did not reveal the names of the financial institutions involved, Sberbank, Russia’s largest bank, is confirmed as a victim of the cyber-heist. The bank also facilitated the investigation, resulting in the nationwide raids.
The Lurk Trojan
First spotted in 2012, Lurk was deemed a “fileless” Trojan by Russian cybersecurity firm Kaspersky Lab. Notably, the Trojan ran in RAM. Its payload is delivered when a target merely visits a compromised webpage infected with the Trojan. The hackers are alleged to have exploited popular news websites in order to infect unsuspecting victims with the Lurk Trojan.
Because the malware is injected into RAM, the strain is difficult to detect and analyze.
Once it finds its way to the target’s PC, the malware downloads additional malicious modules, enabling theft of the victim’s money.
The malware’s authors hid behind a VPN connection and hacked several IT and telecom companies, using their servers to keep a low profile, Kaspersky Lab revealed.
Ruslan Stoyanov, head of computer incidents investigation at the security firm, stated:
We realized early on that Lurk was a group of Russian hackers that presented a serious threat to organizations and users. Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems.