Today, we released a report of an attack targeting the UK customers of a global financial institution. This attack has been on-going since early July, and our research has discovered that approximately 3000 customers of this financial institution have fallen victim to it. We’ve estimated that close to £675,000 GBP (over $1 Million USD) has been stolen from customer accounts.

The M86 Security Labs team detected this illegal operation after discovering a malicious code attack used to infect users’ PCs with a Trojan. The team then followed the trail to a Command & Control center. The research reveals that the cybercriminals used a combination of exploit kits, the new Zeus v3 Trojan, and money mule accounts to compromise user systems, successfully avoid anti-fraud systems, and rob bank accounts. The whole operation shows a high degree of technical sophistication and complexity, and highlights the continuing and escalating battle we have with cybercrime.

Our report exposes the architecture, business model, tools and methods used by the cybercriminal operation behind this attack. You can download a copy of the report here.

The image below illustrates one of the cybercriminal’s admin panels,showing financial transactions from compromised accounts sent to money mule accounts.

M86 Security representatives have informed relevant law enforcement agencies of all criminal activities and methods used by the perpetrators of this attack.