According to a cybersecurity firm, a notorious hacking gang has attacked a bank again, this time making off with about $910,000 from a Russian bank.
Group-IB was called in to help Russia’s PIR Bank after it noticed the theft, said the firm.
The raid is believed to have been carried out by the MoneyTaker gang which has hit other financial firms.
In 2017 it was suspected of stealing nearly $10m from Russian, British and American companies.
In its report, Group-IB said the cash was taken in a series of transfers on 3 July via a computer at the bank to which the gang had obtained access.
Staff at PIR were able to stop some of the transfers, said Group-IB, but the gang’s swift action to "cash out" using paid helpers or "mules" at ATMs stopped the bank recovering much of it.
Group-IB said the tools and techniques used by the gang to penetrate the bank and lurk on its internal systems were known to have been used by MoneyTaker in other robberies.
The attack began in late May, said Group-IB, and initially concentrated on a piece of networking hardware known as a router, which the gang was able to compromise.
By taking over this router, the gang gained access to the bank’s internal network.
Once on the network, the gang took time to find a specific computer used to authorise transfers of cash. It then used its knowledge of this system, known as the Automated Work Station Client of the Russian Central Bank (AWS-CBR), to set up the bogus transfers.
Attacks on AWS-CBR are difficult to implement and are not conducted very often, because many hackers just cannot work on computers with AWS-CBR successfully, said Valeriy Baulin, head of Group-IB’s digital forensics lab.