An Eastern European gang of cyber criminals appears to have perfected techniques to steal millions of pounds from Europe's carbon registries, which allow companies to buy and sell pollution credits.
The attacks use a combination of phishing, malicious links and modified Trojans, according to Uri Rivner, senior researcher at RSA, the security division of EMC.
The gang impersonated employees responsible for buying and selling carbon emission permits, he told RSA Conference 2011 in San Francisco.
They gathered intelligence about the carbon registries in 25 nations and then used the information to craft targeted e-mails containing links to documents infected with the Nimkey banking Trojan.
The criminals used the Trojan to steal account credentials, which were then used to carry out transactions and divert the proceeds into accounts controlled by accomplices.
Using this technique, the gang stole $31m (£19.1m) from a Romanian cement company and $25.6m from the Czech Republic registry.
The European Commission shut down all the registries in mid-January and although some have been allowed to reopen, most remain closed.