According to the report, the group – known as ‘Anunak’ – focuses their frauds on the corporate network, targeting internal payment gateways and internal banking systems. In this way, they steal money from the banks and payment systems themselves and not from the banks’ customers.
In addition to this activity, the gang has also compromised media groups and other organizations for the purpose of industrial espionage and possibly to obtain a trading advantage on the stock market. In cases where the group got access to government agency networks, their aim is believed to be espionage-related, the researchers report.
All totaled, the group is known to have hit more than 50 Russian banks, five payment systems and 16 retail companies. Most of the retail companies are outside of Russia, but no U.S./EU banks are known to have been attacked.
“We have seen criminals branching out for years, for example with POS malware,” said Andy Chandler, Fox-IT’s SVP and general manager, in a statement. “Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between APT and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cybercrime ecosystem.”