The cybercriminal group “Anunak” has been hitting Russian banks with its Zeus malware. The hackers were able to steal $18 million from Russian banks and United States retailers. Forbes reported that the Anunak hacking team was able to infiltrate the retailer Staples.
Staples reported that 1.16 million payment cards had been stolen by hackers who infiltrated the point-of-sale devices in 115 stores. The malware is claimed to have been active between July 20th and September 16th.
Sheplers, a cowboy apparel seller whose PoS systems were infected between June and September, and Bebe, a women’s clothing retailer whose stores were attacked in November, were also victims of the Anunak gang, according to the source.
The first time Anunak was spotted – read more in the full report
The first successful bank robbery was committed by this group in January 2013. In all of the first cases the attackers used the program RDPdoor for remote access to the bank network and the program “MBR Eraser” to remove traces and to crack Windows computers and servers. Both programs had been used by members of the Carberp criminal group under the guidance of a person named Germes. To reduce the risk of losing access to the internal bank network, the attackers, in addition to malicious programs, also used legitimate remote-access programs such as Ammyy Admin and TeamViewer. Later the attackers completely abandoned the use of RDPdoor and TeamViewer.
In addition to banking and payment systems, the hackers gained access to e-mail servers in order to monitor all internal communications. This allowed them to learn whether the anomalous activity in the bank network had been identified, what technique was used to identify it, and what measures the bank employees took to solve the problem. Email monitoring was successfully set up regardless of the email system in use, MS Exchange or Lotus. This allowed them to take countermeasures that gave bank and payment-system employees the impression that the problem had been solved.
The main steps of the attack progression are the following:
READ THE FULL REPORT BY FOX-IT AND GROUP-IB HERE
Download via Cyberwarzone