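2016.12.2: The Russian central bank announced that there had been an attempt to steal 5 billion rubles by hacking with forged customer credentials, and that 2 billion of the 5 billion rubles was taken by the hackers.
– The accounts that were drained are reported to be correspondent bank accounts.
– The exact path of the intrusion is not known, but before the theft occurred there were reportedly cyber-terror attempts against Russian banks, such as DDoS attacks being carried out.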
Hackers in 2016 stole 2 billion rubles — equivalent to $31 million — from accounts that banks keep at Russia’s central bank.
The Bank of Russia confirmed the cyberattacks and the extent of the losses to CNNMoney on Friday.
Hackers had tried to steal 5 billion rubles, but the central banking authority managed to stop them and redirect the funds, according to central bank security executive Artiom Sychev.
“We were lucky to return some of money,” said a central bank spokesperson.
The hackers targeted commercial banks, but they also stole cash from their clients, the central bank reported.
The central bank did not say when the cyberheists occurred, but said they took place over 2016. They also did not say how hackers moved the funds. But so far, the attack bears some similarity to a recent string of heists that has targeted the worldwide financial system.
In January 2015, hackers got a hold of an Ecuadorian bank’s codes for using SWIFT, the worldwide interbank communication network that settles transactions. They used Banco del Austro’s credentials to steal money the bank kept at Wells Fargo.
In October, hackers used the same technique to slip into a bank in the Philippines.
Two months later, hackers tried to make fraudulent requests at a commercial bank in Vietnam. They were stopped.
This past February, computer hackers stole $101 million from Bangladesh’s central bank — also by gaining access to SWIFT. That time, the bank robbers made five transfers out of Bangladesh Bank’s account at the Federal Reserve Bank of New York. The hackers tried to steal $951 million, but the Fed cut them off before the completion of the theft.
Researchers at the cybersecurity firm Symantec have concluded that the global banking system has been under sustained attack from a sophisticated group — dubbed “Lazarus” — that has been linked to North Korea.
But it’s unclear who has attacked Russian banks this time around.
Earlier Friday, the Russian government claimed it had foiled an attempt to erode public confidence in its financial system.
Russia’s top law enforcement agency, the FSB, said hackers were planning to use a collection of computer servers in the Netherlands to attack Russian banks. Typically, hackers use this kind of infrastructure to launch a “denial of service” attack, which disrupts websites and business operations by flooding a target with data.
The FSB said hackers also planned to spread fake news about Russian banks, sending mass text messages and publishing stories on social media questioning their financial stability and licenses to operate.
Editor’s note: This story has been updated to clarify that the losses cited from cyberattacks at Russia’s central bank were for 2016, not a single attack.