Skip to main content

Woburn, MA – June 1, 2016 -Kaspersky Lab and Sberbank, one of Russia’s largest banks, worked closely with Russian law enforcement agencies in an investigation into the Lurk gang that has now resulted in the arrest of 50 people. Those detained are suspected of involvement in the creation of infected computers networks that resulted in the theft of more than $45 million dollars (3 billion rubles[1]) from banks, other financial institutions and businesses since 2011. This is the largest ever arrest of hackers to have taken place in Russia.

In 2011, Kaspersky Lab detected the activity of an organized cybercriminal gang using the Lurk Trojan - a sophisticated, universal and multi-modular malware with wide functionality - to gain access to victims’ computers. In particular, the gang was looking for a way into remote banking services so that it could steal money from customer accounts.

“From the very start, Kaspersky Lab experts were involved in the law enforcement investigation into Lurk,” said Ruslan Stoyanov, Head of computer incidents investigation at Kaspersky Lab. “We realized early on that Lurk was a group of Russian hackers that presented a serious threat to organizations and users. Lurk started attacking banks one-and-a-half years ago; before then its malicious program targeted various enterprise and consumer systems.”

“Our company’s experts analyzed the malicious software and identified the hacker’s network of computers and servers. Armed with that knowledge the Russian Police could identify suspects and gather evidence of the crimes that had been committed. We look forward to helping to bring more cybercriminals to justice,” Stoyanov added.

During the arrest the Russian police managed to prevent the transmission of fake money transactions worth more than $30 million dollars (2,273 billion rubles[2]).

The Lurk Trojan

In order to propagate the malware, the Lurk group infected a range of legitimate websites with exploits, including leading media and news sites. A victim simply had to visit a compromised webpage to become infected with the Lurk Trojan. Once inside the victim’s PC, the malware would start to download additional malicious modules that enabled it to steal the victim’s money.

Media websites were not the only non-financial target of the group. In order to hide their traces behind a VPN-connection, the criminals also hacked into various IT and telecom companies, using their servers to remain anonymous.

The Lurk Trojan is distinctive in that its malicious code is not stored on the victims’ computer but in the random access memory (RAM). Also, its developers tried to make it as difficult as possible for anti-virus solutions to detect the Trojan. As a result, they made use of different VPN-services, the anonymous Tor network, compromised Wi-Fi connection points and servers belonging to the attacked IT organizations.

Kaspersky Lab urges companies to pay close attention to their security measures and to regularly perform an IT infrastructure security check, so that at the very least they are protected from known vulnerabilities. It is also extremely important to teach employees the basics of responsible cyber-behavior.

In addition, companies need to introduce measures that will enable it to detect an on-going targeted attack. The best strategy here is to complement the approach to threat prevention with significant investments in threat detection and response. Even the most sophisticated targeted attacks can be spotted by their abnormal activity when compared to regular business workflow.

Kaspersky Lab’s latest solution designed to detect targeted attacks includes an intelligent system to analyze just such anomalies – Kaspersky Anti Targeted Attack Platform.

Kaspersky Lab detects the Lurk Trojan as Trojan.Win32.Lurk, Trojan-Banker.Win32.Lurk, Trojan-Spy.Win32.Lurk.

-----------------------------------------------------------------------
[1] data from the Ministry of Internal Affairs in Russia
[2] data from the Ministry of Internal Affairs in Russia

About Kaspersky Lab

Kaspersky Lab is one of the world’s fastest-growing cybersecurity companies and the largest that is privately-owned. The company is ranked among the world’s top four vendors of security solutions for endpoint users (IDC, 2014). Since 1997 Kaspersky Lab has been an innovator in cybersecurity and provides effective digital security solutions and threat intelligence for large enterprises, SMBs and consumers. Kaspersky Lab is an international company, operating in almost 200 countries and territories across the globe, providing protection for over 400 million users worldwide.

Learn more at www.kaspersky.com.

For the latest in-depth information on security threat issues and trends, please visit:
Securelist | Information about Viruses, Hackers and Spam
Follow @Securelist on Twitter

Threatpost | The First Stop for Security News
Follow @Threatpost on Twitter

Media Contact:
Sarah Kitsos
781.503.1836
sarah.kitsos@kaspersky.com

Kaspersky Lab Assists in Russia’s Largest Cybercriminal Arrest: The Hackers Who Stole $45 Million

Kaspersky Lab and Sberbank, one of Russia’s largest banks, worked closely with Russian law enforcement agencies in an investigation into the Lurk gang that has now resulted in the arrest of 50 people.
Kaspersky Logo