Buhtrap: The Evolution of Targeted Attacks Against Financial Institutions

The report outlines the activity of the most dangerous and comprehensive cybercriminal group attacking internal banking systems.

Key facts

13 successful attacks against banking institutions conducted between August 2015 and February 2016

$25 mln stolen from Russian banks

$2 mln average banking losses per incident

62%: the average amount of theft as compared to the bank’s charter capital

Find the most recent details about:

Tactics, Techniques and Procedures (TTPs) and detailed descriptions of attack vectors

How the malware spreads through the internal banking network

The timeline of the Buhtrap group activity and the chronology of attacks against banks

Indicators of Compromise (IoCs) of banking malware

Knowing the dynamics and the ways threat actors develop and tune their industry‑specific attacks is vital to being one step ahead of cybercriminals. Anunak, Corkow and Buhtrap are not the only cyber groups actively attacking banks. We have detected at least two more cyber gangs which are believed to be preparing attacks against financial institutions.

Due to the constantly evolving threat landscape, the necessity to keep your security strategy and tactics up to pace with it has never been more crucial. We are devoted to staying ahead of the curve and providing the industry with the latest cyber threat intelligence both through public reports and our Threat Intelligence & Attribution service.

Dmitry Volkov
Chief Executive Officer

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.