DarkVishnya Attacks Loot Millions from Banks

Onsite hacking

Hackers stole tens of millions of dollars from Eastern European banks in a campaign called “DarkVishnya.” The method deployed by the hackers relied on devices connected at the physical location of the targets, rather than attempting to breach networks remotely.

There were several steps to the hack. The first step involved planting in the target banks a device. There types were used: a netbook or equivalent laptop, an inexpensive micro computer favored by hobbyists called a Raspberry Pi, and a Bash Bunny, which is a USB device the size of a thumbdrive used in both cybersecurity and hacking. Raspberry Pis are easy to hide (they measure 2.5” x 3.5”) and Bash Bunnies are even more inconspicuous.

In the second step, hackers remotely connected to the planted devices and scanned for targets. Vulnerable workstations or servers were then used to compromise networks using fileless attacks, a method that is hard to detect and leaves very little evidence. Finally, when the hackers gained access, they siphoned as much money as they could “grab” using phony ATM withdrawals and bank transactions.

Kaspersky Labs, the cybersecurity firm that investigated and identified DarkVishnya, describes the methods used as having “potential for use against any big company. The bigger the better; it is much simpler to hide a malicious device in a large office — and especially effective if a company has many offices around the world connected to one network.”

No hacking group has yet publicly taken credit for the campaign.

Read the initial report of the attacks here.