High-tech hackers stole $300 million from 100 banks. But here’s what the media forgot to tell you

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

This weekend, the New York Times published details of a high-tech criminal campaign which saw banks in Russia, Japan, Europe and the United States hit by a major malware attack and the theft of millions of dollars.

The story, which emerged from a Kaspersky report that was shared with the newspaper before its official publication, naturally received the attention of others in the media:

Media reports

Kaspersky’s Chris Doggett told the New York Times that the attack – perpetrated by the so-called “Carbanak” gang – was “likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert.”

Sign up to our free newsletter.
Security news, advice, and tips.

Back in December, I described how a Russian hacking gang had stolen millions from banks, targeting e-payment systems and even installing malware on ATM management infrastructure that resulted in theft from cash machines.

Anunak story

Anunak reportThat gang was named “Anunak” by researchers at Group-IB and Fox-IT, who first uncovered the campaign, which was also reported by the likes of Forbes at the time.

Carbanak? Anunak? What’s in a name?

My suspicion is that Anunak and Carbanak are one and the same gang. Kaspersky’s report may have grabbed the attention of the likes of the New York Times, but right now it appears that what’s “new” is only that more banks were hit by the hackers than previously confirmed, and more money stolen.

It’s a shame that the New York Times doesn’t reference the earlier research done by Fox-IT and Group-IB, and instead gives all the spotlight to Kaspersky’s researchers.

Whoever discovered what, one thing is for certain. Banks need to keep their wits about them and treat security as a high priority, as hackers become ever more sophisticated and audacious in their attempts to steal cash.

Update 16 February 2015: Fox-IT has confirmed that Anunak and Carbanak are one and the same.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

One comment on “High-tech hackers stole $300 million from 100 banks. But here’s what the media forgot to tell you”

  1. Coyote

    Kaspersky's Chris Doggett told the New York Times that the attack – perpetrated by the so-called "Carbanak" gang was "likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

    Yes, well, Kaspersky also claimed we should be fine with spying all around. Of course there is also their suggestion that there should be Internet passports (or however 'he' worded it). Of course, banks are probably (I say probably for the 0.00001% chance that they are sophisticated in something besides greed) less sophisticated – and by a lot – than this gang, so maybe Kaspersky's point has some value here (but only when comparing the two)… Still, there is the other side of the coin (I can't help it): Kaspersky and their statements are rather amusing at times… At least there is always humour… no matter the source, it is always there.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.