
Russian law enforcement has made 50 arrests in connection with a five-year operation in which hackers attempted to steal billions of rubles from some of the country’s largest banks.

Reuters reports the hackers stole 1.7 billion rubles (approximately US$25.33 million) from several of Russia’s largest financial institutions. They also attempted to steal an additional 2.273 billion rubles by issuing false payment instructions, but Russia’s interior ministry explains those attempts were blocked.

The FSB, a state security organization for Russia that carried out the arrests, has not named any financial institution targeted in the operation other than Sberbank, the country’s largest bank.

Sberbank assisted the FSB in cracking the case, as did Moscow-based Kaspersky Lab.

Kaspersky’s security researchers ultimately determined that the suspects exploited websites to infect victims with the Lurk trojan, a type of malware that injects into memory and is capable of serving up additional malware.

Ruslan Stoyanov, head of computer incidents investigation at Kaspersky Lab, told Threatpost his security researchers have been aware of Lurk for some time:

“We realized early on that Lurk was a group of Russian hackers that presented a serious threat to organizations and users. Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems. Our company’s experts analyzed the malicious software and identified the hacker’s network of computers and servers. Armed with that knowledge the Russian Police could identify suspects and gather evidence of the crimes that had been committed. We look forward to helping to bring more cybercriminals to justice.”

The FSB has detained 18 of the individuals arrested in this case in Moscow, where they will await the conclusion of Russian law enforcement’s investigation.

News of these arrests comes several months after the Swedish Civil Aviation Administration, LFV, falsely claimed that Russian intelligence caused several outages in Sweden’s air traffic control system.