History
2020: Attack on Russian developers of banking software
On September 7, 2020, it became known that the Chinese hacker group Winnti had attacked Russian developers of software for banks. Experts from the cybersecurity company Positive Technologies reported the cyberattacks without naming the credit institutions or software vendors that could have been affected by the cybercriminals' actions.
According to Kommersant, a surge in the group's activity was being observed by the beginning of September 2020; in total, more than 50 computers have been infected worldwide. The victims include at least five Russian developers of banking software and a construction company.
As the experts explained, the attackers embed malicious code at the software development stage. As soon as it is installed, the program starts collecting data about the organization. A full-fledged backdoor is then loaded onto the device, and information is stolen through it. Such attacks threaten to leak data on accounts, amounts and cash transactions. In addition, they can be used to carry out corporate espionage.
According to Andrey Arsentyev, head of analytics and special projects at InfoWatch, the Chinese hackers may be interested not so much in financial gain as in corporate espionage for expansion into the Russian market.
Winnti concentrates on attacks in the commercial sector, where the level of its tools is significantly higher than that of most groups, says Igor Zalevsky, head of the cyber incident investigation department at Rostelecom's JSOC CERT. According to him, the group's activity has also been noticed in state organizations in recent years.
According to the Positive Technologies report, the sharp increase in the group's activity may also be connected with the coronavirus pandemic. Many companies moved their employees to remote work, and, according to the experts, 80% of employees use home computers for work. As a result, many workers are out of reach of corporate protection tools and security policies. This makes them a very vulnerable target, Positive Technologies explained.[1]