'Metel', discovered in 2011 and also known as "Corkow", is a malicious program created to gain access to confidential data stored in online banking systems. In 2011 the malware was still hunting for target users of online banking systems. By 2015 the attackers had succeeded in infiltrating and infecting the systems of bank employees, either through spear-phishing emails that carried malicious files or by exploiting browser vulnerabilities. Once inside the network, they compromised further computers with the appropriate tools, moving from system to system until they reached the one they were hunting for: the system that controlled money transactions.
As a result, whenever the criminals withdrew money with a card of the victim bank at an ATM belonging to a different bank, the transaction was rolled back by the system the attackers had already compromised. The balance on the cards therefore never decreased, which allowed the criminals to keep withdrawing cash, limited only by the amount of money in the ATM. They carried out similar cash-out transactions at many other ATMs. The gang comprised fewer than 10 members and had no criminal history outside Russia.
Again, in February 2015, another Russian bank, Energobank, suffered a Metel malware attack. The criminals placed $500 million in currency orders, sending the funds and manipulating the Russian currency exchange rate. There was no proof, however, that the attackers profited from that attack. According to one report, in 2015 about 250,000 systems in over 100 financial institutions were infected by the "Metel" malware.
2018
Mabna Iranian Hack on the United States
Nine Iranians attempted to hack into hundreds of universities around the world, many organizations and parts of the US government, and tried to steal valuable academic research. The Department of Justice charged the nine Iranians, who were linked to the Mabna Institute. The Mabna Institute was a company created in 2013 with the aim of illegally gaining access to non-Iranian scientific resources and information through computer intrusion. It largely targeted universities, but technology companies, academic journals, the US Department of Labor, the Federal Energy Regulatory Commission and the United Nations suffered as well. The company conducted cyber-attacks on 144 US universities and 176 universities in other countries, including Canada, Israel and Japan. Around 31.5 terabytes of intellectual property, including much valuable information, were stolen by the company.
Over 100,000 email accounts of professors all over the world were targeted by the attackers, and 7,998 of them were compromised, as revealed by the Justice Department.
Many of the intrusions were believed to have been conducted on the instruction of the Iranian government, particularly the Iranian Revolutionary Guard Corps. The hacks came to light through FBI investigations. Gigapaper and Megapaper were the two websites through which the attackers sold the stolen data. The criminals were charged with conspiracy to commit computer intrusions, wire fraud and aggravated identity theft. The attackers' modus operandi included spear phishing: professors were tricked with a link to a fake website that looked like their own university's site, and once they entered their login credentials there, the attackers also used password spraying, accessing accounts with the help of commonly used passwords. After that, they removed the victims' entire mailboxes and captured newly sent and received emails from the victims.
2019
US Credit Union Spear Phishing
In 2019, a phishing campaign landed in the inboxes of numerous credit unions and other US financial institutions. Many BSA officers at credit unions received spoofed emails that appeared to have been sent by BSA officers at other credit unions. At first the messages went only to specific anti-money laundering contacts at credit unions. Each message addressed the contact by name and claimed that a suspicious transfer from one of the recipient credit union's customers had been put on hold on suspicion of illegal movement of money. It was not certain whether the BSA officers who received those messages actually opened the link, but according to one credit union source, at least one recipient may have fallen for the trap. The email carried an attached PDF, to be opened in order to scrutinize the suspicious transaction, and the text contained grammatical mistakes.
After this incident, the NCUA called for a thorough review of the banks' security logs and alerts. Once the review was done, it was reported that no bank secrecy information or other data had been breached. The campaign reached beyond the credit unions into other parts of the financial sector. The NCUA urged all credit union employees to be extra careful with suspicious emails and to report any message that raised suspicion to the agency immediately. The strangest question, however, was where the attackers had obtained the contact details of the BSA officers at all the credit unions. A BSA officer at a different credit union revealed that their IT department had traced the source of the suspicious messages they received to Ukraine.
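The lure in this campaign relied on a display name that matched a real peer while the sending domain and the mail authentication results did not. The triage below is an added example, not code from the original text, the NCUA or any credit union: the contact directory, the raw message, the lookalike domain and the `Authentication-Results` values are all constructed, and the checks use only the Python standard library.

```python
"""Triage of a spoofed peer-to-peer phishing email, modelled on the credit
union campaign described above. Added example; the contact directory,
message, domain and header values are constructed, not from the incident.
"""
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory of known BSA contacts: display name -> expected domain
KNOWN_CONTACTS = {
    "Jane Doe": "example-cu.org",
}

# Constructed raw message resembling the campaign's lure: peer's display name,
# lookalike sending domain, failed SPF/DMARC, a PDF "for review" and the
# grammatical slips the page mentions.
SAMPLE_MESSAGE = """\
From: Jane Doe <jane.doe@examp1e-cu.net>
To: bsa.officer@othercu.example
Subject: Suspicious transfer on hold - action required
Authentication-Results: mx.othercu.example; spf=fail smtp.mailfrom=examp1e-cu.net; dkim=none; dmarc=fail header.from=examp1e-cu.net
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attach PDF for details of the transfer we has put on hold.

--b1
Content-Type: application/pdf; name="transfer.pdf"
Content-Disposition: attachment; filename="transfer.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--b1--
"""


def triage(raw):
    """Return a list of human-readable findings for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []

    # 1. Display name impersonating a known contact from the wrong domain
    expected = KNOWN_CONTACTS.get(name)
    if expected and domain != expected:
        findings.append(f"display name '{name}' matches a known contact "
                        f"but sender domain is {domain}, expected {expected}")

    # 2. Authentication results recorded by the receiving MTA
    auth = msg.get("Authentication-Results", "")
    for mech in ("spf", "dkim", "dmarc"):
        m = re.search(rf"\b{mech}=(\w+)", auth)
        verdict = m.group(1) if m else "missing"
        if verdict != "pass":
            findings.append(f"{mech}={verdict}")

    # 3. Attachments the recipient is being asked to open
    for part in msg.walk():
        if part.get_content_disposition() == "attachment":
            findings.append(f"attachment {part.get_filename()} "
                            f"({part.get_content_type()})")
    return findings


def is_high_risk(findings):
    """Impersonation plus a failed or absent authentication check is the
    combination that should go straight to the security team."""
    impersonation = any("matches a known contact" in f for f in findings)
    auth_failure = any(re.match(r"(spf|dkim|dmarc)=(?!pass)", f) for f in findings)
    return impersonation and auth_failure


if __name__ == "__main__":
    found = triage(SAMPLE_MESSAGE)
    for line in found:
        print("-", line)
    print("high risk:", is_high_risk(found))
```

The first check is the one that matters most for a peer-impersonation campaign: the display name is exactly what the recipient expects, so the comparison has to be made against the domain, not the name. A real deployment would also consult the organisation's own allow-list of peer domains rather than a single hard-coded contact, and would quarantine rather than merely label messages that combine impersonation with a DMARC failure.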