Kommersant, citing computer security experts, reports that, for the first time in Russia, hackers have managed to carry out a cyberattack on a bank in Russia and withdraw money through the international SWIFT system. This information was confirmed to the publication by the Central Bank; however, the publication’s sources did not name either the bank in which the attack was carried out, or the amount of damage.
The company Group-IB, which specializes in cybersecurity issues, told the publication that the hacker group Cobalt was involved in the attack. The newspaper also refers to a report by the structural unit of the Central Bank for Information Security, FinCERT, which named Cobalt as a main threat to credit institutions. According to Group-IB, Cobalt has completed at least 50 successful attacks on banks around the world. The Central Bank confirmed that the group has carried out more than ten successful cyberattacks in Russia, each of which resulted in the embezzlement of especially significant sums of money.
The cyberattack on the bank occurred on December 15; the funds were withdrawn through SWIFT, the newspaper said, which is a new phenomenon for Russia. Representatives of SWIFT refused to comment on "individual clients" and stated that there was no evidence of unauthorized access to SWIFT networks.
According to Artem Sychev, Deputy Head of the Central Bank’s information security and protection department, the SWIFT system was not targeted, but was used to withdraw the money. “SWIFT was likely chosen only because it was of interest to withdraw funds abroad. Money went to Europe, Asia and North America. Apparently, the intruders considered [those countries] to be less risky than Russia," he said.