Illustration for article titled Hackers Stole Hundreds of Millions in Massive Malware Bank Heist

In what may be one of the biggest bank heists to date, hackers have apparently siphoned hundreds of millions of dollars from over 100 banks in 30 nations. And according to the upcoming Kaspersky Lab report, this could be "the most sophisticated attack the world has seen to date."


The analysis from Kaspersky Lab, which comes out Monday and was acquired by The New York Times, comes after the cybersecurity firm was called in to investigate a rogue, cash-spewing ATM in Ukraine a little over a year ago. But according to The Times, the ATM was just the beginning:

The bank's internal computers, used by employees who process daily transfers and conduct bookkeeping, had been penetrated by malware that allowed cybercriminals to record their every move. The malicious software lurked for months, sending back video feeds and images that told a criminal group — including Russians, Chinese and Europeans — how the bank conducted its daily routines, according to the investigators.


Once they had the necessary info, the hackers were able to impersonate bank officers, leaving them free to transfer money from banks in the US, Russia, Japan, and Switzerland (among others) to various international dummy accounts. According to the report, the sheer size of this attack could make it "one of the largest bank thefts ever." And while the cybercriminals siphoned at least $300 million globally, Kaspersky Lab believes the total could be nearly three times that.

So far, none of the banks have actually been named, but the majority of them are apparently located in Russia, with Japan and the US also taking quite a bit of the brunt. What's more, since the hackers only swiped $10 million at a time, the attacks likely didn't raise any eyebrows while they were being carried out. Though the banks involved have been made aware, they have yet to inform any customers. Which, while troubling in its own right, is made worse by the fact that the hack is apparently still ongoing.

And according to the Kaspersky report, it all started the same way practically every other major hack starts: email. You can read more about the hack over at The New York Times here, and in the meantime, for god's sake—stop clicking sketchy emails. [The New York Times]

Image via Getty


Share This Story

Get our newsletter