Hackers attacked banks through letters on behalf of the Central Bank

Russian banks yesterday has been the target of the attack, sending malicious emails to the email addresses of the employees, according to “Kaspersky Lab”. According to her, “this case deserves special attention”, because for the first time the attacker was impersonating FinCERT project of the Bank of Russia, which is designed to monitor and react to computer attacks in the financial sector and making distribution to the banks about the incident in the information security field.

In the night from Monday to Tuesday this week offensive, tell us in the “Kaspersky Lab”, has registered two domain names. Then they began to create modules for infecting systems and to prepare for the mailing of letters to the banks. Around 12:00 the day before attackers started to send emails with attached malicious file. The mailing was carried out with the address info@fincert.net, while the real address of the service of the Central Bank — fincert@cbr.ru.

Letters were sent not on the General list, and with knowledge of who the recipient is in the texts contained a reference to recipients by name, name and patronymic, underline in the company. “We checked a number of recipient addresses using search engines and are unable to find these addresses in free public access. This means that the attacker used some kind of special base, perhaps made from the materials of industry conferences or official documents of a number of banks,” according to the “Kaspersky Lab”.

The company noted that “attackers are very familiar with informational mailings FinCERT, which are relatively closed and inaccessible to the General public.” This is evidenced by the fact that in file name attachments digital code the same as the real FinCERT range of notifications about the attacks.

The CEO of Digital Security Ilya Medvedovsky told “Vedomosti” that the banks quickly reacted to the incident and warned each other. However, it is likely that the intruders got into the system banks, as part of staff responsible for information security, discovered these letters. Banks suffered financial losses from attacks, it will be clear later, he said: the attackers need time to gain a foothold in the system and withdraw money.