Hacker
Professional
- Messages
- 1,044
- Reaction score
- 813
- Points
- 113
This article was written for educational purposes only. We do not call anyone to anything, only for information purposes! The author is not responsible for your actions
The largest cybercrime of the century was committed by the CARBANAK criminal group. Who does this group consist of? It is headed by several people - a database expert, a virus creator, a banking system spy, a phisher, and a cleaner.
What have they done? They sent letters to the accountants of the bank, which had a virus in its attachments. The topic and attachments were of such a content that I would like to open them (I analyzed this type of attack in the previous article, be sure to check it out). Opening an attachment means it has launched a virus and it is now stored in the operating system of the computer and nowhere else. And within 2-4 months it spread through the corporate network of the bank, infecting more and more computers. And they penetrated into the bank's servers responsible for issuing money ATMs at a certain time. At the same time, a special person appeared near the ATM - a mule who collected money. They transferred them to intermediaries, and they transferred them into cryptocurrency and hid. However, we missed one more point, the virus itself could increase the money in the account, for example, there were 10 thousand rubles on the account, they increased the amount to 100 thousand rubles and removed 90 thousand. Because of this, there was no movement in the accounts. In this way, they were filming $ 12 million a day! After the entire operation, a cleaner was connected and cleaned all traces in the bank's system. But how were they revealed? One of the mules lost his card near the ATM and began to open the entire chain.
The largest cybercrime of the century was committed by the CARBANAK criminal group. Who does this group consist of? It is headed by several people - a database expert, a virus creator, a banking system spy, a phisher, and a cleaner.
What have they done? They sent letters to the accountants of the bank, which had a virus in its attachments. The topic and attachments were of such a content that I would like to open them (I analyzed this type of attack in the previous article, be sure to check it out). Opening an attachment means it has launched a virus and it is now stored in the operating system of the computer and nowhere else. And within 2-4 months it spread through the corporate network of the bank, infecting more and more computers. And they penetrated into the bank's servers responsible for issuing money ATMs at a certain time. At the same time, a special person appeared near the ATM - a mule who collected money. They transferred them to intermediaries, and they transferred them into cryptocurrency and hid. However, we missed one more point, the virus itself could increase the money in the account, for example, there were 10 thousand rubles on the account, they increased the amount to 100 thousand rubles and removed 90 thousand. Because of this, there was no movement in the accounts. In this way, they were filming $ 12 million a day! After the entire operation, a cleaner was connected and cleaned all traces in the bank's system. But how were they revealed? One of the mules lost his card near the ATM and began to open the entire chain.
