Report

Buhtrap: the evolution of targeted attacks against financial institutions

The report outlines the activity of the most dangerous and comprehensive cybercriminal group attacking internal banking systems

Questions? Contact us +7 (495) 984 33 64
or pr@group-ib.ru


Buhtrap: Key Facts

13 successful attacks against banking institutions conducted between August 2015 and February 2016

$25 mln stolen from Russian banks

$2 mln average banking losses per incident

62%: the average amount of theft as compared to the bank’s charter capital

Find the most recent details about:

Tactics, Techniques and Procedures (TTPs) and detailed descriptions of attack vectors

How the malware spreads through the internal banking network

The timeline of the Buhtrap group activity and the chronology of attacks against banks

Indicators of Compromise (IoCs) of banking malware

Knowing the dynamics and the ways in which threat actors develop and tune their industry-specific attacks is vital to staying one step ahead of cybercriminals. Anunak, Corkow and Buhtrap are not the only cyber groups actively attacking banks. We have detected at least two more cyber gangs which are believed to be preparing attacks against financial institutions.

Due to the constantly evolving threat landscape, the necessity to keep your security strategy and tactics up to pace with it has never been more crucial. We are devoted to staying ahead of the curve and providing the industry with the latest cyber threat intelligence both through public reports and our Bot-Trek Intelligence service.

Dmitry Volkov

Head of the Investigation Department and the Bot-Trek Intelligence service

Protect your clients, business and reputation

Bot-Trek Intelligence subscribers are always at the forefront and were made aware of the recent Buhtrap spear-phishing emails the same day they were sent. Additionally, reports included both mailing details and payload analysis. The data we provided proved vital in preventing attacks against clients exposed to Buhtrap risks.

We help to prevent and investigate cyber attacks at every stage, from reconnaissance or preparation to threat actors taking actions to achieve objectives. Furthermore, we prevent the spread of the attack and ensure that your infrastructure is free of infection.
Contact us to learn more: +7 495 984-33-64 or info@group-ib.ru

Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.

We are recognized by Gartner as a threat intelligence vendor with strong cyber security focus and the ability to provide leading insight to the Eastern European region and recommended by the Organization for Security and Co-operation in Europe (OSCE).

Group-IB’s experience has been fused into the Bot-Trek information security ecosystem, an array of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.
