RTM: Stealthy group targeting remote banking system

RTM: Stealthy group targeting remote banking system by Jean-Ian Boutin and Matthieu Faou.

From the post:

Today, we have released a white paper on RTM, a cybercrime group that has been relentlessly targeting businesses in Russia and neighboring countries using small, targeted campaigns. This group, active since at least 2015, is using malware, written in Delphi, to spy on its victims in a variety of ways, such as monitoring keystrokes and smart cards inserted into the system.

It has the ability to upload files from the compromised system to its command and control (C&C) server. It also has a fingerprinting module to find systems on which specialized accounting software is installed. In particular, they are looking for signs of popular accounting software called “1C: Enterprise 8”. This software is used by businesses, among other things, to make bulk transfers via Remote Banking Systems (RBSes).

The post and the white paper, Read The Manual: A Guide to the RTM Banking Trojan, focus on the technical aspects of this series of attacks.

It’s an interesting read despite a very poor pie chart on page 5.

If hackers encountered accounts held by Trump family members, do you think that information will be leaked to the media?

That’s one motive to become skilled at hacking banks.

Others will occur to you over time. 😉
