The reason for the sharp changes of quotations in the course of currency trading on the Moscow exchange in February last year was Corkow banking Trojan (Metel), says the report of the company Group-IB that conducted the investigation on behalf of “Energobank”.
As reported, on February 27, 2015 the dollar during trading in the currency section of the Moscow exchange sharply declined from 61% to almost 55 rubles, and then rose to 66 rubles and returned to its previous value. Strong currency fluctuations have occurred over the incomplete 15 minutes (from 12:30 to 12:44).
As stated by representatives of Energobank, February 27, in the computer system the financial institutions are infiltrated by unauthorized persons, and conducted illegal transactions on purchase and sale of foreign currency on the stock exchange on this fact on the same day criminal proceedings were instituted.
According to the investigation of Group-IB, in the case of “Energobank” with the help of malware the attackers gained access to computer systems related to services for individuals and legal entities, and to the trading terminal for conducting transactions on the exchange. Criminals have begun to buy and sell currency at the expense of the Bank. There were made seven applications: five for the purchase of 437 million dollars, and the rest to sell 97 million dollars, reports SecurityLab.
In the end, the actions of the attackers led to strong fluctuations of the ruble within 14 minutes while the attack lasted. 14 minutes after the first application the criminals gave the team the BSOD to remove all traces and output of the system.
According to experts, if the hackers have earned the attack, a very small amount. Most likely, this action was a kind of verification and confirmation of the possibility to have a major impact on the market and, consequently, earn.