Housing Finance Bank (FGF)

Joint Stock Company Housing Finance Bank (JSC Bank ZhilFinance, BZF) is a specialized mortgage bank that has been actively operating in the Russian mortgage lending market for more than 22 years.

As of October 2018, the bank's priority areas of activity are mortgage lending and attracting deposits of individuals. The Bank is a member of the compulsory deposit insurance system.

History

2023: Site hacking - information about deposit freezing was posted there

On November 9, 2023, BZF-Bank, the All-Russian Regional Development Bank (RRDB) and Fora-Bank reported hacking their sites after they published information about the freezing of deposits. The messages posted by the hackers said that credit is switching to a "special mode of operation": operations on deposits and accounts of individuals are allegedly temporarily suspended. Funds in accounts exceeding 1.4 million rubles are automatically transferred to state loan bonds, and the balance is frozen, it was written on official banking resources after their hacking. Read more here.

2018: Hackers withdrew $100,000 from the bank through the gateways of payment systems

In September 2018, the Housing Finance Bank (BGF) became a victim of the Cobalt group. According to the Kommersant newspaper on October 3, 2018, the attackers managed to withdraw about $100 thousand from the bank through the gateways of payment systems. According to the information provided to Kommersant by law enforcement agencies, three more credit organizations have been infected, the names of which have not been disclosed. In all affected banks, law enforcement officers revealed "a low level of information security, the absence of Russian antiviruses, licensed software, updates."

Similar cases of withdrawal of funds were last recorded two years ago, said Stanislav Pavlunin, director of security at Post Bank. However, since then, hackers have switched to attacks when funds were withdrawn through other channels, added Dmitry Sturov, head of the Renaissance Credit information security department.

As explained by the executive director of CyberPlat Vladimir Kuznetsov, when transferring funds through the gateway of the payment system, money can be transferred both online and in tranches. At the same time, both the payment system and the bank set up limits on transfers (for the total amount of transfers during the day, the maximum amount of the transfer, the number of transfers of the same type, etc.), which are designed to protect the bank from the actions of fraudsters, including unauthorized debits.

In the case of BZF, the attackers were able to hack into the bank's ABS, increase the established limits on the transfer of funds and, through the gateways of payment systems, withdrew money to bank cards, then cashing it out, Kommersant sources familiar with the situation said.

In particular, phishing mailing allowed members of the Cobalt group to enter the bank. The letter, drawn up on behalf of Alfa-Bank, spoke of the need to resolve the issue with fraudulent transactions that allegedly came from BZF.

FinCERT warned about this phishing attack in its August 16 bulletin. According to him, one of the vulnerabilities in Microsoft software was exploited by cybercriminals. As specified in the Positive Technologies security expert center, it was about the Beacon Trojan, which is used to organize remote access to an employee's work computer.

According to Alexei Novikov, head of the Positive Technologies security expert center, hackers are returning to the old schemes due to the fact that it is rather difficult for the payment system to distinguish a legitimate payment from an illegitimate one. Meanwhile, the last mailing from malware Cobalt was recorded by Positive Technologies experts at the end of September 2018, after the described attack.^[1]

Notes