Attackers use Corkow trojan to penetrate the bank's network

Feb 9, 2016 10:35 GMT

Russian hackers deployed the Corkow trojan and infected Kazan-based Energobank, managing to alter the ruble-dollar exchange rate for 14 minutes, Russia-based cyber-security vendor Group-IB told Bloomberg.

The revelation comes just a day after Kaspersky, another Russia-based cyber-security vendor, shared details about the Metel cybergang, which managed to steal millions of rubles from Russian ATMs in one night by rolling back ATM transactions using the same Corkow trojan.

Ruble-dollar exchange rate needle moved by 10 rubles for 14 minutes

Group-IB is now reporting that, on February 27, 2015, half a year before the Metel gang performed its "great ATM robbery," another gang (or possibly the same) infected the computer system of Russia's Energobank.

Once inside the bank's IT network, the hackers moved laterally until they found a computer that had access to the bank's financial operations.

The hackers then altered the ruble-dollar exchange rate by 15% for 14 minutes, during which time they initiated around $500 million (€450 million) worth of trades at non-market rates.

After the incident, Russia's central bank started an investigation, thinking it was a deliberate action on Energobank's side, an attempt at manipulating the market.

Bank reported losses of $3.2 million following the incident

The bank denied the claims and hired Group-IB's experts to investigate, suspecting foul play. Two weeks later, Russian newspaper Vedomosti reported that the bank announced losses of 244 million rubles ($3.2 million) due to the illegal operations and filed an insurance claim.

On the other side of the investigation, Group-IB says that the incident looks like a test, and the people behind the attack may have run a simple experiment to examine their trojan's capabilities. As of now, there's no evidence that the group or any other party profited from the transactions.