Big Cyber Attack in Russia’s Central Bank-Loses $31 Million

Russia’s central bank saw 2 billion rubles (US$31 million) stolen from accounts as the result of a cyberattack. The theft comes as the country’s security service also claims to have fought off an attack against its financial services industry.

Reuters reports that the bank released a report on Dec. 2 describing a cyberattack that involved “faking a client’s credentials.” Further details were not available.

The stolen money came from accounts held by banking clients at the central bank, The Wall Street Journal reported.

Meanwhile, Russia’s Federal Security Service says it has taken steps to “neutralize” an attack against its financial system. In a statement, the FSB says it has received information that a large-scale cyberattack is planned starting on Dec. 5.

The attacks, which are expected to strike several dozen Russian cities, would be accompanied by the mass sending of SMS messages and a social network and media campaign telegraphing a crisis in the Russian financial system, the FSB claims.

SHIFT related Attack?

The command-and-control server for the attacks is located in the Netherlands and is run by a Ukrainian hosting company called BlazingFast, the FSB says.

Meanwhile, Russia’s Federal Security Service says it has taken steps to “neutralize” an attack against its financial system. In a statement, the FSB says it has received information that a large-scale cyberattack is planned starting on Dec. 5.

The attacks, which are expected to strike several dozen Russian cities, would be accompanied by the mass sending of SMS messages and a social network and media campaign telegraphing a crisis in the Russian financial system, the FSB claims.

The command-and-control server for the attacks is located in the Netherlands and is run by a Ukrainian hosting company called BlazingFast, the FSB says. BlazingFast responded on Facebook that it had not been contacted by the FSB but would cooperate if its network was used for illegal activity.

“As soon as BlazingFast became aware of this report, we reviewed all our systems and network and we have not found any abnormal pattern changes that could lead to FSB’s allegations,” the company says.

Fears about attacks on banks have mounted since February when unknown cyber criminals stole $81 million in funds that Bangladesh’s central bank had on deposit at the New York Fed.

Law enforcement agencies around the globe are hunting for the criminals who stole the money using fraudulent wire-transfer requests sent over the SWIFT bank messaging network.

Separately, Russia said on Friday that it had uncovered a plot by foreign spy agencies to sow chaos in the country’s banking system via a coordinated wave of cyber attacks and fake social media reports about banks going bust.

Blowback

The targeting of Russia is not surprising given the mix of opportunist cybercriminals, politically motivated hackers and possible state-level actors worried about President Vladimir Putin’s muscle flexing.

In October, the U.S. blamed Russia for hacking the Democratic National Committee along with the email accounts of party officials.

The emails ended up on WikiLeaks and other websites, fueling unending media attention and further skewing an already unconventional presidential campaign (see Microsoft Says Russian DNC Hackers Targeted Zero-Day Flaws).

U.S. Vice President Joe Biden obliquely warned soon after the charge that the U.S. had the capacity to send a “message” to Russia and would do so when the circumstances have the greatest impact, according to The New York Times..

It’s not clear if the U.S. has acted yet. In January, the U.S. Treasury directly accused Putin of being corrupt, alleging that he has amassed a fortune that has been masked through longtime training and practices, according to the BBC.

U.S. spy agencies could conceivably be tasked with using offensive cyberattacks to expose Putin’s finances.

Russia has consistently denied the hacking accusations while casting itself as a victim. In July, the FSB said malicious software infected 20 organizations, with targets including public authorities, scientific and military institutions.