Kaspersky Lab’s team reveals evidence of a targeted attack against the clients of a European Bank
The experts at Kaspersky Lab’s Global Research and Analysis Team (GReAT) have discovered evidence of a targeted attack against the clients of a large European bank. According to logs found on the server used by the attackers, cybercriminals apparently stole more than half a million Euros from accounts at the bank in the space of just one week. The first signs of this campaign were discovered on 20 January this year, when Kaspersky Lab’s experts detected a C&C server on the net. The server’s control panel indicated evidence of a Trojan program used to steal money from clients’ bank accounts.
The campaign was at least one week old when the C&C was discovered, having started no later than January 13, 2014. In that time, the cybercriminals successfully stole more than 500,000 Euros. Two days after GReAT discovered the C&C server, the criminals removed every shred of evidence that might be used to trace them. However, experts think this was probably linked to changes in the technical infrastructure used in the malicious campaign rather than spelling the end of the Luuuk campaign.
“Soon after we detected this C&C server, we contacted the bank’s security service and the law enforcement agencies, and submitted all our evidence to them,” said Vicente Diaz, Principal Security Researcher, Kaspersky Lab.
In the LUUUK case, experts have grounds to believe that important financial data was intercepted automatically and fraudulent transactions were carried out as soon as the victim logged onto their online bank accounts.
The stolen money was passed on to the crooks’ accounts in an interesting and unusual way. Our experts noticed a distinctive quirk in the organization of the so-called “drops” (or money mules), where participants in the scam receive some of the stolen money in specially created bank accounts and cash out via ATMs. There was evidence of several different “drop” groups, each assigned different sums of money. One group was responsible for transferring sums of 40-50,000 Euros, another for 15-20,000 Euros and the third for no more than 2,000 Euros.
The C&C server related to The Luuuk was shut down shortly after the investigation started. However, the complexity level of the man-in-the-browser (MITB) operation suggests that the attackers will continue to look for new victims of this campaign. Kaspersky Lab’s experts are engaged in an ongoing investigation into The Luuuk’s activities.