Hackers make off with at least $300 million in bank heists

With the help of malware, hackers hit more than 100 financial institutions in 30 countries, says a report released to The New York Times by cybersecurity firm Kaspersky Lab.

Anne Dujmovic Senior Editor / News

Kaspersky Lab is set to publish a report Monday on its investigation into what could be the biggest bank theft ever. Benjamin Howell/Getty Images

A group of cybercriminals used malicious software to steal at least $300 million from banks and other financial institutions around the world, which could prove to be one of the biggest bank thefts ever, according to a report Saturday in The New York Times.

Kaspersky Lab, a Russia-based cybersecurity firm that investigated the string of thefts, is set to publish a report Monday on its findings. The Times got an advance copy.

According to the Times, Kaspersky found that the hackers hit more than 100 institutions in 30 countries, dating back to 2013. The thefts could add up to a lot more than $300 million -- the amount Kaspersky has evidence of -- maybe three times that, the firm said. And the attacks may still be happening.

Chris Doggett, managing director of the Kaspersky Lab North America market, told the Times: "This is likely the most sophisticated attack the world has seen to date in terms of the tactics and methods that cybercriminals have used to remain covert."

The hackers have been dubbed the "Carbanak cybergang" because of the name of the malware they used. Most of the banks that were hit are in Russia, but also on the list are ones in Japan, Europe and the United States. Kaspersky could not release the names of the banks because of nondisclosure agreements, the Times said.

Kaspersky Lab didn't immediately respond to a request for comment.

So just how did the hackers carry out the string of thefts? The Times report said they broke into the banks' computer systems by first sending infected emails to employees, some of whom then clicked on links and unknowingly downloaded malicious software. Once they had access, the hackers set out to find employees who were in charge of cash transfer systems or ATMs. Next they installed a remote access tool, or RAT, enabling them to take screenshots or video of those employees' screens and study what they did, the Times said. The cybercriminals were then able to remotely direct ATMs to dispense money or transfer money to fake accounts.

The White House and FBI have been briefed on Kaspersky Lab's findings, and Interpol is coordinating an investigation, the Times said.

The news is timely. On Friday, the White House held a cybersecurity summit at Stanford University, where President Barack Obama outlined plans for private companies and the government to share information to thwart cyberattacks.

Update, 2:54 p.m. PT: Adds info on how the hackers reportedly pulled off their scheme.