MOSCOW, 8 February. Banking Trojan Corkow was the reason that on 27 February 2015 in the course of currency trading on the Moscow stock exchange (MB) within a few minutes of quotes dramatically changed in a large range 55,36-66,33 rubles this was announced by Dmitry Volkov, head of investigations and service of kibernetiki Bot-Trek Intelligence, co-founder of Group-IB, which was engaged in check of this incident by the order of Energobank.
Energobank March 11, 2015, declared that it regards the portion of transactions on the currency pair dollar/rouble calculations today (USD/RUB_TOD) on February 27, unauthorized. The Bank also has addressed with the corresponding statements in law enforcement bodies.
The Ministry of internal Affairs detained the criminals who tried to bring down the banking system of the Russian Federation
“In the case of Energobank attackers using malicious software gained access not to the banking systems concerned with services for individuals and legal entities, and to the trading terminal for transactions on the exchange. They began to buy and sell currencies through the Bank, quite a large amount. Made just about seven applications: five – for the currency purchase of several hundred million dollars, and the rest to sell on the order of hundreds of millions of dollars. Eventually this led to strong fluctuations of the ruble within 14 minutes while the attack lasted,” – said Volkov.
According to him, even if hackers and earned the attack, small amount. “Rather, it was the action, confirming their ability,” explained the representative of Group-IB.
Volkov noted that the attacker’s program could provide a parallel with the operator of the Bank remote access system.
He did not comment on who exactly was behind the attack, citing the confidentiality of these data within the framework of the investigation.
“We have gathered the necessary evidence and brought information to all participants in the financial market,” Volkov said, adding that the Energobank, according to Group-IB, was not the only Russian Bank, affected by the actions of Corkow Trojan in 2015.
The expert recalled that in 2011-2014 with this Trojan attack was carried out mainly on a legal entity for the purpose of theft of cash from their accounts, and starting in 2015, the hackers moved on to banks.
“Kaspersky lab”: every sixth company in Russia in 2015 has undergone DDoS-attack