Subscribe to Entrepreneur for $5

Unknown Hacking Group Pulls $300 Million International Bank Heist


Fears of a cyberattack are chief among financial institutions' concerns. And it's no wonder why.


In a troubling report released this week, global cybersecurity firm Kaspersky Lab found that, since 2013, there has been an ongoing infiltration of over 100 banks and financial institutions in 30 different countries. The hacker group behind the attacks is still at large and largely unknown.

Related: What Startups Need to Do to Be Cyber Secure in 2015

The group -- which has been dubbed the "Carbanak cybergang" because of the type of malware they used -- has stolen anywhere from $300 million to roughly three times that. The hackers planted the malware in bank computers via infected e-mails (posing as bank employees) targeting the main admin computer. They then recorded the computers for months as bank employees went about their business.

The hackers took money from banks in Japan, the Netherlands, Russia, Switzerland and the U.S and transferred it to fake accounts in other countries, reports The New York Times. The withdrawals were reportedly limited to $10 million to avoid tripping any precautions the banks had in place. They also used the stolen information to get into the e-banking systems and ATMs -- which ultimately led to the discovery of the large scale attack.

Related: The Next Place Hackers Will Find You? Your Car.

Kaspersky Lab began investigating the attack after an ATM in Kiev, Ukraine, started shooting out extra cash, completely unbidden at different times during the day.

The Russian firm's findings come at a fraught time, especially after the illuminating and frightening fallout from the Sony hack. Last week, President Obama spoke at the  Summit on Cybersecurity and Consumer Protection at Stanford University and signed an executive order urging the private sector to  "share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible." These efforts follow the president's call for a 30-day breach notification law in January. 

Related: Better Safe Than Sorry: How Startups are Staying Protected in Cyberspace

Nina Zipkin

Written By

Entrepreneur Staff

Nina Zipkin is a staff writer at She frequently covers leadership, media, tech, startups, culture and workplace trends.