ETDA ThaiCERT

Threat Group Cards: A Threat Actor Encyclopedia

APT group: MoneyTaker

Names: MoneyTaker (Group-IB)
Country: Russia
Motivation: Financial crime
First seen: 2016
Description: (Group-IB) In less than two years, this group has conducted over 20 successful attacks on financial institutions and legal firms in the USA, UK and Russia. The group has primarily been targeting card processing systems, including the AWS CBR (Russian Interbank System) and purportedly SWIFT (US). Given the wide usage of STAR in LATAM, financial institutions in LATAM could have particular exposure to a potential interest from the MoneyTaker group.

Although the group has been successful at targeting a number of banks in different countries, to date, they have gone unreported. In addition to banks, the MoneyTaker group has attacked law firms and also financial software vendors. In total, Group-IB has confirmed 20 companies as MoneyTaker victims, with 16 attacks on US organizations, 3 attacks on Russian banks and 1 in the UK.
Observed sectors: Financial.
Observed countries: Russia, UK, USA.
Tools used: Citadel, Kronos, Metasploit, MoneyTaker, Screenshotter.
Information: <https://www.group-ib.com/blog/moneytaker>

Last change to this card: 14 April 2020


Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency
