The FBI issued an advisory Tuesday warning that cyber criminals used online banking credentials stolen in phishing attacks on U.S. organizations to send numerous illegal wire transfers to trade companies based in China.
In its advisory, the FBI highlighted significant spikes in wire transfers between March 2010 and April 2011, identifying at least 20 incidents in which hackers compromised the online banking credentials of U.S.-based SMBs and used them to initiate wire transfers to numerous Chinese economic and trade companies in Heilongjiang province in port towns located near the Russian border. The economic and trade companies appeared to be registered as legitimate businesses holding accounts with several established Chinese banks, which included the Agricultural Bank of China, the Industrial and Commercial Bank of China and the Bank of China.
Thus far, it is unclear exactly who was behind the illegal wire transfers, whether the Chinese accounts were the final destination for the funds or the money was transferred elsewhere, or why legitimate companies appeared to receive and accept the unauthorized funds.
However, many of the attacks involved the Zeus botnet, Backdoor.bot or Spybot, three botnets often used in cyber and banking fraud. Known worldwide as the banking botnet, Zeus contains malware with the capability of stealing security authentication tokens, enabling hackers to access the victim’s bank account with seemingly legitimate login credentials.
By April, the dollar amount of attempted fraud totaled around $20 million, with actual victim losses at about $11 million. The individual unauthorized wire transfers ranged from $50,000 to $985,000, but were generally more than $90,000 at a time.