This weekend, the New York Times published details of a high-tech criminal campaign which saw banks in Russia, Japan, Europe and the United States hit by a major malware attack and the theft of millions of dollars.
The story, which emerged from a Kaspersky report that was shared with the newspaper before its official publication, naturally received the attention of others in the media:
Kaspersky’s Chris Doggett told the New York Times that the attack - perpetrated by the so-called “Carbanak” gang - was “likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”
Back in December, I described how a Russian hacking gang had stolen millions from banks, targeting e-payment systems and even installing malware on ATM management infrastructure that resulted in theft from cash machines.
Carbanak? Anunak? What’s in a name?
My suspicion is that Anunak and Carbanak are one and the same gang. Kaspersky’s report may have grabbed the attention of the likes of the New York Times, but right now it appears that what’s “new” is only that more banks were hit by the hackers than previously confirmed, and more money stolen.
It’s a shame that the New York Times doesn’t reference the earlier research done by Fox-IT and Group-IB, and instead gives all the spotlight to Kaspersky’s researchers.
Whoever discovered what, one thing is for certain. Banks need to keep their wits about them and treat security as a high priority, as hackers become ever more sophisticated and audacious in their attempts to steal cash.
Update 16 February 2015: Fox-IT has confirmed that Anunak and Carbanak are one and the same.