Anunak – A New Group of Cybercriminals

By   ISBuzz Team
Writer , Information Security Buzz | Dec 22, 2014 05:03 pm PST

Group-IB and Fox-IT, in a joint investigation effort, recently released a report about the Anunak hacker group. This group has been involved in targeted attacks and espionage since 2013. Group-IB specializes in cybercrime investigations, and Fox-IT offers innovative cyber security solutions.

Anunak targets banks and payments systems in Russia and CIS countries. In Europe, USA and Latin America criminals were mainly focusing on retail networks as well as mass media resources.

“Anunak” aims to target banks and e-payment systems. Malefactors can easily get into banks networks and gain access to secured payment systems. As a result, the money is stolen not from the customers but from the bank itself. If malefactors gain access to state institutions’ network, the goal is espionage.

Free eBook: Modern Retail Security Risk – Get your copy now.

When malefactors gain access to internal networks, they have total control over system administrators and can record videos of key workers’ actions to understand how the work is organized. They can then take control over e-mails to monitor internal communications and set up remote control to the network by changing its hardware parameters.

Experts discovered that hackers had access to cash machines management systems and could remotely infect them with malware for the purpose of getting money from them upon request in future.

In the report, Group-IB and Fox-IT describe in detail the methods and software that were used by hackers, as well as the methods and tools that can be used to protect networks and counter targeted attacks.

Some of the report’s key takeaways:

– Average theft in Russia and CIS countries for this group is 2 million US dollars.
– Anunak group had access to more than 50 Russian banks, 5 payment systems, 16 retail companies. Most retail companies are outside of Russia, whereas not a single US/EU bank has been attacked.
– As of now, more than 1 billion rubles has been stolen by the group in total, most of that during the last 6 months.
– Average time from the moment the group gains access to internal network till the money is stolen equals 42 days.
– As of this publication date, the Anunak group is still in operation, which is why Group-IB and Fox-IT forecast an increase in the number of targeted attacks in 2015.

“We have seen criminals branching out for years, for example with POS malware,” says Andy Chandler, Fox-IT’s SVP. “Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between APT and botnets. The criminal’s pragmatic approach once more starts a new chapter in the cybercrime ecosystem.”

The report is available here:

About Group-IB

Group-IBGroup-IB is one of the leading international companies specializing in preventing and investigating high- tech cyber crimes and fraud. The company offers a range of services on preventing financial and reputational damages, consulting and auditing of information security systems, and on computer forensics. The company also develops a number of innovative software products Bot-Trek used to monitor, detect and prevent emerging cyber threats.

The Group-IB team is made up of experts with unique skills and solid practical experience. They are internationally certified by CISSP, CISA, CISM, CEH, CWSP, GCFA, and also have information security state certificates. In 2013, computer security incident response team CERT-GIB operated by Group-IB became a member of FIRST – Forum of Incident Response and Security Teams.

For more information please contact the PR Department, Group-IB: | +7 (495) 984 33 64 |

About Fox -IT

Fox-ITFox-IT creates innovative cyber security solutions for a more secure society. We are dedicated to our clients, our values, and our integrity. Fox-IT delivers solutions before, during and after attacks. InTELL is our real-time cyber intelligence product. It provides a unique intelligence approach: InTELL gives full real-time insight in the global threat landscape. Actionable data feeds into operational risk decision systems. Real time threat information allows for tactical decisions and mitigation. We base our intelligence around actor attribution. This angle drives the most pro-active way to deal with on online threats. Information is delivered through our collaboration portal, alerting, and through automated feeds powered by STIX & TAXII.

For more information please contact Eward Driehuis: | +31 6 4382 4529 | |

Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x