Some $300 million were stolen from 100 banks in 30 countries in 2013, according to a new report revealed by The New York Times.
The attack was allegedly carried out by European, Russian, and Chinese hackers, who used malicious software to penetrate the banking systems – via sending e-mails to employees.
Once gaining access, hackers found out what employees were responsible for cash transfers or ATMs, and installed a remote access tool: a program that can take screenshots from employees’ computers, according to the NYT.
Then, they transferred the sums to bank accounts in different countries.
The majority of funds were stolen in Russia, but other targeted countries included Japan, the Netherlands, Switzerland, and the US.
Russian cyber security company Kaspersky Lab was invited to look into the matter, after an ATM in Ukrainian capital Kiev started giving out cash randomly without anyone inserting a card or touching any buttons.
Kaspersky Lab also specified that the sum of $300 million is what they have evidence of, and it could be three times that. Also, the attacks may still be happening.
“This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert,” Chris Doggett, managing director of the Kaspersky Lab North America market, said.
The White House and FBI have been briefed on Kaspersky Lab’s findings, and Interpol is coordinating an investigation.
Due to nondisclosure agreements with the banks that were hit, Kaspersky Lab couldn’t provide more detailed data on the targeted institutions.