PALO ALTO, Calif.—A new report claims that cyberthieves have hit 100 banks across 30 countries and have stolen at least $300 million, and possibly three times that amount.
Cybersecurity firm Kapersky Lab released the report, which indicates that the criminal group includes Russians, Chinese and Europeans. It discovered the ring after being contacted by a bank in Kiev, Ukraine, which in 2013 had found one of its ATMS apparently randomly dispensing cash.
In the course of that investigation, malware was discovered on the bank’s internal computers that was recording the every move of the bank’s employees and bookkeepers, including video feeds, allowing the criminals to understand the bank’s procedures in detail.
The criminals behind the malware were able to not just turn the ATMs into cash dispensers, but to impersonate bank employees and to transfer millions of dollars.
The same malware is expected to be installed at numerous banks. Authorities said the thieves limited the transfers to less than $10 million per transaction in part to limit their profile.
Many of the targeted banks were in Russia, but also in Japan, Europe and the U.S. Kapersky said one of its clients lost more than $7 million through the ATM manipulation alone.