MoneyTaker, revealed after
1.5 years of silent operations.

Explore how this group managed to hide their traces while conducting 20+ attacks on banks and financial services companies in the USA, UK and Russia.

Discover in the report:

  1. Unique techniques to enter the network.
  2. TTPs and analysis of cybercriminal infrastructure.
  3. Predictions on new targets.
  4. Indicators of Compromise to monitor your network.

Contact us +7 (495) 984 33 64 or

Contact us +7 (495) 984 33 64 or

MoneyTaker uses publicly available tools, which makes the attribution and investigation process a non-trivial exercise. In addition, incidents occur in different regions worldwide and at least one of the US Banks targeted had documents successfully exfiltrated from their networks, twice. Group-IB specialists expect new thefts in the near future and in order to reduce this risk, Group-IB would like to contribute our report identifying hacker tools, techniques as well as indicators of compromise we attribute to MoneyTaker operations.

Dmitry Volkov

Head of Threat Intelligence Department, Сo‑founder Group‑IB

MoneyTaker - Group-IB report

Thank you for your interest in our research.

Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid
corporate email address.


* Your data is protected by Privacy Policy
Thank you! You’ll receive key findings of Group-IB report shortly. Have you any questions, please contact us via

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64


* Your data is protected by Privacy Policy
Thank you!
We will contact you soon.