Russian Hackers Attack And Loot Several Banks
The Federal Bureau of Investigation is probing a computer-security breach targeting Citigroup Inc. that resulted in a theft of tens of millions of dollars by computer hackers who appear linked to a Russian cyber gang, according to government officials.
The attack took aim at Citigroup’s Citibank subsidiary, which includes its North American retail bank and other businesses. It couldn’t be learned whether the thieves gained access to Citibank’s systems directly or through third parties.
The attack underscores the blurring of lines between criminal and national-security threats in cyber space. Hackers also assaulted two other entities, at least one of them a U.S. government agency, said people familiar with the attack on Citibank.
The Citibank attack was detected over the summer, but investigators are looking into the possibility the attack may have occurred months or even a year earlier. The FBI and the National Security Agency, along with the Department of Homeland Security and Citigroup, swapped information to counter the attack, according to a person familiar with the case. Press offices of the federal agencies declined to comment…
Chenghiz Singh: There is not enough information to determine whether the hack used an inside mole or was a breach of customer bank accounts by compromising Windows computers used by these customers. It is likely that customer Windows machines infested with trojans stole sensitive information such as SSL certificates to gain access to bank accounts. Russian hackers are experts in botnet technology. Windows is not particularly swift in the security arena (so says unixgurl).
New Zeus Malware on the Rise
In the case of ZeusVM, the code is hidden steganographically inside JPEG images. The ZeusVM trojan then uses this to retrieve its configuration file and carry out its attack. Jerome Segura further explains that "The JPEG contains the Malware configuration file, which is essentially a list of scripts and financial institutions – but doesn't need to be opened by the victim themselves. The JPEG itself has very little visibility to the user and is largely a cloaking technique to ensure it is undetected from a security software standpoint".
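The cloaking described above works because security tooling tends to treat an image as inert. A defender's first check is structural: a well-formed JPEG is a chain of marker segments ending at the End-of-Image marker (FF D9), so any bytes after that marker, or unusually large metadata segments, are worth flagging. The following is an added example, not code from the original article or from any ZeusVM analysis; it assumes the hidden payload is appended after EOI (one common hiding spot, but not something the article states), and both JPEG samples and the "hidden" bytes are constructed placeholders, not real malware configuration.

```python
import struct

# Markers that carry no length field: SOI, EOI, TEM and the RSTn restart markers.
STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))
SOS, EOI = 0xDA, 0xD9
METADATA_MARKERS = set(range(0xE0, 0xF0)) | {0xFE}  # APP0..APP15 and COM


def parse_segments(data):
    """Walk marker segments from SOI up to and including the SOS header.

    Returns (segments, offset_after_sos); each segment is (marker, payload_len, offset).
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    segments, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker byte at offset {pos}")
        marker = data[pos + 1]
        if marker in STANDALONE:
            pos += 2
            continue
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])  # length includes itself
        segments.append((marker, length - 2, pos))
        pos += 2 + length
        if marker == SOS:
            break  # entropy-coded scan data follows; no more length-prefixed segments
    return segments, pos


def analyze_jpeg(data, metadata_threshold=4096):
    """Report trailing bytes after EOI and oversized metadata segments.

    Verdict is 'suspicious' when either signal fires, 'truncated' if no EOI exists.
    The 4 KiB metadata threshold is an assumed tuning value, not a standard.
    """
    segments, scan_start = parse_segments(data)
    eoi = data.find(b"\xff\xd9", scan_start)  # FF D9 cannot occur in byte-stuffed scan data
    if eoi == -1:
        return {"verdict": "truncated", "trailing_bytes": 0, "large_metadata": []}
    trailing = len(data) - (eoi + 2)
    large_metadata = [
        {"marker": f"0x{m:02X}", "payload_len": n, "offset": off}
        for (m, n, off) in segments
        if m in METADATA_MARKERS and n > metadata_threshold
    ]
    verdict = "suspicious" if trailing or large_metadata else "clean"
    return {"verdict": verdict, "trailing_bytes": trailing, "large_metadata": large_metadata}


# Constructed minimal JPEG: SOI, a 14-byte JFIF APP0, a one-component SOS header,
# two bytes of (fake) scan data, then EOI. Not a real image.
CLEAN_JPEG = (
    b"\xff\xd8"
    + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"
    + b"\x12\x34"
    + b"\xff\xd9"
)

# Constructed placeholder for an appended blob; a real sample would be encrypted config.
HIDDEN = b"PLACEHOLDER-CONFIG-BLOB, constructed for this example\n"
SUSPECT_JPEG = CLEAN_JPEG + HIDDEN


if __name__ == "__main__":
    for name, blob in (("clean", CLEAN_JPEG), ("suspect", SUSPECT_JPEG)):
        print(name, analyze_jpeg(blob))
```

This is a triage signal, not proof of infection: some cameras and editors also leave data after EOI, so the result belongs in a queue for closer inspection (segment entropy, source of the file, which process fetched it) rather than in an automatic block rule.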