Russian Attack Botnet Now Used for Domestic Financial Crimes

Russian botnets are commonly used by cyber criminals to target victims in predominantly Western nations, such as the U.S., Germany, France and the UK. However, Joe Stewart, a researcher with SecureWorks, has found that a Russian botnet is now being used to target domestic financial institutions using a plug-in that does not require the hacker to write new source code.

The botnet, termed BlackEnergy 2 by Stewart, was used during the 2008 Russo-Georgian War. The botnet is presently stealing financial data from Russian banks.

“They haven’t historically gone after their own countrymen. … It definitely looks like there’s a trend because since that discovery I found two different bot families that are also targeting various Russian [and] Ukrainian banking application systems,” said Stewart.

The malware authored for the botnet is designed specifically to target Russian and Ukrainian banks.

“I started digging into that plug-in a little more and realized it’s a keylogger and a file stealer for a very particular application,” Stewart said. “Investigating that application, turns out it’s a banking authentication system that’s only used by Russian and Ukrainian banks.”
