Buhtrap: the evolution of targeted attacks against financial institutions

The report outlines the activity of the most dangerous and comprehensive cybercriminal group attacking internal banking systems

Contact us +7 (495) 984 33 64 or


Buhtrap: Key Facts


successful attacks against banking institutions conducted between August 2015 and February 2016

$25 mln

stolen from Russian banks

$2 mln

average banking losses per incident


the average amount of theft as compared to the bank’s charter capital

Find the most recent details about

Tactics, Techniques and Procedures (TTPs) and detailed descriptions of attack vectors

How the malware spreads through the internal banking network

The timeline of the Buhtrap group activity and the chronology of attacks against banks

Indicators of Compromise (IoCs) of banking malware

Knowing the dynamics and the ways in which threat actors develop and tune their industry-specific attacks is vital to staying one step ahead of cybercriminals. Anunak, Corkow and Buhtrap are not the only cyber groups actively attacking banks. We have detected at least two more cyber gangs which are believed to be preparing attacks against financial institutions.

Due to the constantly evolving threat landscape, the necessity to keep your security strategy and tactics up to pace with it has never been more crucial. We are devoted to staying ahead of the curve and providing the industry with the latest cyber threat intelligence both through public reports and our Threat Intelligence service.

Dmitry Volkov

Head of the Investigation Department and the Threat Intelligence service

Protect your clients, business and reputation

Threat Intelligence subscribers are always at the forefront and were made aware of the recent Buhtrap spear-phishing emails the same day they were sent. Additionally, reports included both mailing details and payload analysis. The data we provided proved vital in preventing attacks against clients exposed to Buhtrap risks.

We help prevent and investigate cyber attacks at every stage, from reconnaissance or preparation to threat actors taking actions to achieve their objectives. Furthermore, we prevent the spread of the attack and ensure that your infrastructure is free of infection.

Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.

We are recognized by Gartner, Forrester and IDC as a leading threat intelligence vendor with the ability to provide unique insight into the threats originating from Russia and Eastern Europe. Group-IB is recommended by the Organization for Security and Co-operation in Europe (OSCE).

Group-IB’s experience and threat intelligence have been fused into an ecosystem of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.
