A hacker group based in Russia and Ukraine is gaining access to the internal payment systems of banks and payments providers and has stolen about £16m in the past six months.
The group, known as Anunak, has been described in a report from Group-IB in Russia and Fox-IT in the Netherlands.
The report said Anunak was previously involved in common financial fraud, including theft from consumer and corporate bank accounts in Europe and Russia. But the group moved to a new area in 2013, targeting internal systems at banks and electronic payment systems in Russia and the former Soviet bloc.
“The anti-fraud measures employed by banks has pushed the criminals to search for new ways to make money with less barriers.
"Compromising and modifying or taking data from banks, payment providers, retail and media/PR companies are some of these methods,” said the report.
The fraud occurs in the corporate network using internal payment gateways and internal banking systems.
More on cyber crime
“Money is stolen from the banks and payment systems, and not from their customers," the report said. "While this is their main and most lucrative activity, the gang has also ventured into other areas including the compromise of media groups and other organisations for industrial espionage and likely a trading advantage on the stock market.”
It takes the hackers 42 days on average to steal money after initially breaking into the corporate network.
The hackers have also gained control of ATMs.
Fox-IT general manager Andy Chandler said criminals are branching out.
“Anunak has capabilities which pose threats across multiple continents and industries," he said. "It shows there’s a grey area between advanced persistent threat and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cyber crime ecosystem."