Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router

"The router had tunnels that allowed the attackers to gain direct access to the bank’s local network," Group-IB experts said. "This technique is a characteristic of MoneyTaker. This scheme has already been used by this group at least three times while attacking banks with regional branch networks."

On July 3, MoneyTaker used this system to transfer funds from PIR Bank's account at the Bank of Russia to 17 accounts they created in advance. Moments after the stolen funds landed in these accounts, money mules withdrew it from ATMs across Russia.