Group-IB tracked the first large-scale targeted attacks on Russian banks as early as 2013. In 2014, only two hacker groups, Anunak and Corkow, were known to conduct targeted attacks; in 2015 there were three (Anunak, Corkow and Andromeda), and in 2016 four (Buhtrap, Lurk, Cobalt and MoneyTaker). The explanation is very simple: groups that used to attack companies that are banks' clients are now shifting their focus to the banks themselves. More money, less risk.
The majority of targeted attacks originated from Russia: hackers first tested all their new viruses, software and attack patterns on Russian banks and then went on to attack international financial institutions.
In February 2016, hackers tried to steal $951 million from the Central Bank of Bangladesh via the SWIFT system. Due to a mistake in a payment document, they managed to steal only $81 million. According to investigation results, the attack was organized by Lazarus, a North Korean hacker group. For many years, it has been known for its actions against ideological opponents of North Korea, which involved DDoS attacks and hacking into resources of government, military and aerospace institutions in South Korea and the USA. However, apparently last year the North Korean hackers ran out of money, so they attacked dozens of financial institutions worldwide.