Russian Hackers Illegally Manipulated $400 Million Of Dollar/Ruble Trades In February 2015
A new report by cybersecurity company Group IB reveals a massive successful cyberattack on Russian trading systems in February 2015. According to the report, the cybercriminals used a Trojan virus to gain access to trading systems and perform $400 million of unauthorized trades.
The criminals focused on making dollar/ruble forex trades on behalf of a bank. The attack reportedly lasted just 14 minutes but cause a huge spike in volatility.
“The hacker attack provoked abnormal volatility which lasted 6 minutes and enabled buying dollars for 590660 rubles per dollar and in 51 seconds selling dollars for 623490 rubles per dollar,” Group IB explains. With this small of a trade, the firm speculates that the hackers likely had coconspirators and access to “a huge amount of money.”
“To conduct the attack criminals used the Corkow malware, also known as Metel, containing specific modules designed to conduct thefts from trading systems, such as QUIK operated by ARQA Technologies and TRANSAQ from ZAO ‘Screen market systems’,” the report reads. Group IB believes this attack could have been a test in anticipation of much larger or more prolonged attacks in the future.
Group IB says that the Corkow Trojan was also used in an August 2015 attack on about 250 banks.
Cybersecurity stocks have been hammered so far in 2016, with shares of Cyberark Software LtdCYBR 5.16%, FireEye IncFEYE 10.08% and the PureFunds ISE Cyber Security ETFHACK 3.14% down more than 25 percent year-to-date.