A report released yesterday by security firm Group-IB found that the group believed responsible for phishing attacks in Russia earlier this week has been stealing from Russian banks for more than a year.
Buhtrap, as the group is known, began targeting bank clients first before going after the banks themselves.
The report contains examples of Buhtrap’s phishing lures and campaign methods.
According to the report, the group has used tactics such registering typo domains or domains that are familiar to the victims. From there, the group often rented servers and configured them to avoid spam traps or filters, according to a story in CSO. Overall, Buhtrap’s methods are not particularly sophisticated, they’re just well-coordinated, said the report.
"In many respects, this group’s activity has led to the current situation where attacks against Russian banks are causing direct losses in the hundreds of millions of rubles are no longer taken as something unusual," the report explained.
Attacks on banks appear to be on the rise. In February, hackers got away with about $80 million in a bank heist involving a complex web of international transfers.