Buhtrap: the evolution of targeted attacks against financial institutions
The report outlines the activity of the most dangerous and comprehensive cybercriminal group attacking internal banking systems
Request
Key facts
13
successful attacks against banking institutions conducted between August 2015 and February 2016
$25 mln
stolen from Russian banks
$2 mln
average banking losses
per incident
62%
the average amount of theft as compared to the bank’s charter capital
Find the most recent details about
Tactics, Technics and Procedures (TTPs) and detailed descriptions of attack vectors
How the malware spreads through internal banking network
The timeline of the Buhtrap group activity and the chronology of attacks against banks
Indicators of Compromise (IoCs) of banking malware
Knowing the dynamics and the ways, how threat actors develop and tune their industry‑specific attacks is vital to be one step ahead cybercriminals. Anunak, Corkow and Buhtrap are not the only cyber groups actively attacking banks. We have detected at least two more cyber gangs which are believed to be preparing attacks against financial institutions.
Due to the constantly evolving threat landscape, the necessity to keep your security strategy and tactics up to pace with it has never been more crucial. We are devoted to staying ahead of the curve and providing the industry with the latest cyber threat intelligence both through public reports and our Threat Intelligence service.
Dmitry Volkov
Chief Technical Officer, Сo‑founder Group‑IB
Group-IB research on targeted attack groups
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Hi-Tech Crime Trends 2019/20
Strategic intelligence data on state-sponsored groups, industry-specific cyberthreats, targeted attacks on banks and banking clients
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data
Hi-Tech Crime Trends 2018
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Hi-Tech Crime Trends 2017
Introducing the research on cybersecurity trends and predictions for the next year. Plan your cybersecurity strategy effectively.
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat
Intelligence
Intelligence
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Threat Detection System
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Secure Bank
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Secure Portal
Protection from bots, fraud and data leakage for e‑commerce and web portals