MoneyTaker

Description

(Group-IB) In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US). Given the wide usage of STAR in LATAM, financial institutions in LATAM could have particular exposure to a potential interest from the MoneyTaker group.

Although the group has been successful at targeting a number of banks in different countries, to date, they have gone unreported. In addition to banks, the MoneyTaker group has attacked law firms and also financial software vendors. In total, Group-IB has confirmed 20 companies as MoneyTaker victims, with 16 attacks on US organizations, 3 attacks on Russian banks and 1 in the UK.

Names

Name	Name-Giver
MoneyTaker	Group-IB

Country

• Russia

Motivation

• Financial crime

First Seen

2016

Observed Sectors

• Financial

Observed Countries

• Russia
• UK
• USA

Tools

• Citadel
• Kronos
• Metasploit
• MoneyTaker
• Screenshotter

Information

• https://www.group-ib.com/blog/moneytaker

Other Information

Uuid

8993618c-1ca6-47b2-a304-483f88810ad5

Last Card Change

2020-04-14