Dozens of Russian Banks Phished By Crooks Pretending To Be FinCERT

← Back to Stories (view on slashdot.org)

Dozens of Russian Banks Phished By Crooks Pretending To Be FinCERT

Posted by timothy on Thursday March 17, 2016 @08:32PM from the if-it-wasn't-for-you-grammarian-kids dept.

itwbennett writes: CSO Online's Steve Ragan reports that dozens of Russian banks were targeted this week by meticulous attackers who formatted a Word document 'to look like a legitimate FinCERT bulletin – suggesting that the attackers took their time to learn proper protocol and standards. A remarkable feat, considering FinCERT notifications are usually not for public consumption,' says Ragan. The attackers also were reportedly particular about their messages and to whom they were addressed. They even timed the email campaign to coincide with the lunch rush, presumably thinking that workers hurrying to get out of the office would be less cautious. Their only misstep, in the form of a grammatical error, came the next day when they sent the message out to hundreds more banks.

16 comments

Min score:

Reason:

Sort:

can you say... by sociocapitalist · 2016-03-17 20:37 · Score: 1

Inside job?

--
blindly antisocialist = antisocial
1. Re:can you say... by Anonymous Coward · 2016-03-17 21:04 · Score: 0
  
  Strange news..
  I once talked with some CERT people and if FinCERT people then it doesn't seem to make sense. (Except that world/net is in some kind of chaos).
Aren't most Russian hackers only free because... by He+Who+Has+No+Name · 2016-03-17 21:04 · Score: 1

...of an informal "no Russian" understanding with Moscow?
I suspect this may get them unwanted attention.
Re:Aren't most Russian hackers only free because.. by butzwonker · 2016-03-17 21:45 · Score: 1

It's quite a long stretch to assume that the hackers were Russian. Perhaps they were, but it's more likely that they pulled this off from abroad for safety reasons.
Re:Aren't most Russian hackers only free because.. by Anonymous Coward · 2016-03-17 21:49 · Score: 0

Why are we automatically assuming it's russians targetting russians?
Wait.. by invictusvoyd · 2016-03-17 22:15 · Score: 1

Macros , flash and remote assistance in banks . whats missing ?

Default passwords.
1. Re:Wait.. by Anonymous Coward · 2016-03-17 22:21 · Score: 0
  
  Unpatched cisco equipment.
What's FinCERT? by wonkey_monkey · 2016-03-17 23:00 · Score: 2

So what's FinCERT when it's at home?
No, I can't just Google it. Lazy editor is lazy.

--
systemd is Roko's Basilisk.
Jealousy by TechyImmigrant · 2016-03-18 03:02 · Score: 1

I envy the smooth, we polished phishes some people get. I just get crappy "Update your PayPol Urgent!"

--
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Re:Aren't most Russian hackers only free because.. by Coren22 · 2016-03-18 04:33 · Score: 1

Do the Russian banks even have any foreign currency left? Who else would want some rubles.

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Sciences AND Arts by taliesinangelus · 2016-03-18 04:52 · Score: 1

Their only misstep, in the form of a grammatical error, came the next day when they sent the message out to hundreds more banks.
Should have studied more than STEM!
Thank the Nazis! by Anonymous Coward · 2016-03-18 07:19 · Score: 0

Thanks Grammar Nazis!