Group-IB has found that Russian hackers broke into the security system of a regional bank and, with the help of a virus, were able to move the ruble exchange rate on the exchange by more than 15%. The bank in question is Kazan-based Energobank, said Dmitry Volkov, head of the investigations division and cyber-intelligence service at Group-IB. The hackers used a virus called the Corkow Trojan. In the attack, in February 2015, the bank placed orders for more than $500 million at a non-market rate. The hacker caused the greatest volatility within 6 minutes, which made it possible to buy dollars at 59.0560 and sell them 51 seconds later at 62.3490, the review says.
The malware used in the attack can open a backdoor (a remote-control channel) on a computer via legitimate-looking sites or files and then force the machine to execute the hackers' commands. Corkow is constantly updated to bypass antivirus programs. It has hit 250 thousand computers worldwide and infected more than 100 financial institutions, according to the Group-IB review. Antivirus protection cannot effectively counter this threat, the experts found. In every bank where this malware was detected, antivirus software was installed and working correctly. Even so, the malware can remain in a network undetected for more than 6 months.
Using the malware, the hacker caused a major jump in the dollar rate, the Group-IB report says. In 14 minutes the hacker achieved abnormal volatility that made it possible to buy dollars at 55 rubles and sell them at 62 rubles. Before the incident, traders had been trading in the market at 60 to 62 rubles per dollar. The hackers could have increased an open position in the futures market 20-fold, thereby multiplying their capital 8-fold, the report points out.
Energobank claimed that its losses from these transactions amounted to 244 million rubles. There is, however, no evidence that the hackers profited from the transactions. Later, the Moscow Exchange said its systems were not hacked in this incident. The Central Bank's investigation did not establish manipulation in the foreign exchange market.
However, Group-IB stresses that not only the fraudsters but also ordinary clients of the exchange profited from the volatility, according to the Group-IB review. “As a result of this fraud, the bank suffered great financial and reputational damage, as many market players do not believe the hacking version and readily blame everything on an error by the operator of the trading system,” the review states. Group-IB employee Dmitry Volkov said, however, that the financial institution may recover its losses from those responsible for getting the malware into the trading system. “However, these individuals still need to be identified,” he says.
At the end of March 2015, the Moscow Exchange's currency market committee recommended that the exchange's board exclude Energobank from the trading participants of the currency market because of the inadequacy of the bank's information security system. That day, transactions with Energobank were concluded by three brokerage companies, “Finam”, BCS and “Opening Broker”, whose customers bought the currency at a low rate. The bank went to court to demand that the brokers compensate its losses. It demanded 117.3 million from “Open”, 118.5 million from BCS and 7.8 million from “Finam”, but in March the Vakhitovsky District Court of Kazan dismissed the claim on the grounds that Energobank had also filed a complaint with the police.