Cyber bank heist tied to Russian government IP address


Researchers have tied a worldwide cyber bank heist to an IP address linked to the Russian Federal Security Service (FSB), although they’re cautioning that doesn’t mean Moscow is behind the crooked campaign.

In February, security firm Kaspersky Lab uncovered an organized cyber crime ring that had spent two years digitally infiltrating banks, monitoring employee behavior, even impersonating bank officers.


Over two years, the hackers slowly pilfered an estimated billion dollars from firms in over 30 countries, including the U.S., Russia, China and Germany.

The coordinated attack, which is ongoing, was dubbed “Carbanak.”

Some analysts called the scheme one of the first true “cyber mafia” rings, an attack of unprecedented complexity and breadth.

While recently examining cyberattacks used to infiltrate the banks, a researcher at Trend Micro noticed that a domain launching the digital assaults traced back to an IP address attributed to the FSB, Moscow's main intelligence agency.

“I still do not know why it happened; I do not really think that FSB Russia would point the Carbanak-related domain name to an IP address which is affiliated with Russian Federal Security Service,” said Trend Micro Senior Threat Researcher Maxim Goncharov.

“It is also possible that the owner of the domain had done this as a prank,” he added.

Complicating the matter further is that Russian banks have been one of Carbanak’s main targets.

While Russian hackers are widely suspected of playing a large part in organizing Carbanak, there has been no major evidence that Russian officials were directing the campaign.

Moscow has been suspected in hacks that infiltrated the State Department and the White House last fall.