{"id":7222,"date":"2018-07-23T11:10:27","date_gmt":"2018-07-23T11:10:27","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/"},"modified":"2018-07-23T11:10:27","modified_gmt":"2018-07-23T11:10:27","slug":"cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/","title":{"rendered":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch"},"content":{"rendered":"<p>Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router.<\/p>\n<p>PIR Bank was looted by the notorious MoneyTaker hacking group, according to Group-IB, the Moscow-based security firm called in by the bank to handle incident response.<\/p>\n<p>Funds were stolen on 3 July through the Russian Central Bank&#8217;s Automated Workstation Client (an interbank fund transfer system similar to SWIFT), transferred to 17 accounts at major Russian banks and cashed out. Cybercrooks tried to ensure persistence in the bank&#8217;s network through &#8220;reverse shell&#8221; programs in preparation for subsequent attacks, but these hacking tools were detected and expunged before further mischief could be wrought.<\/p>\n<p>According to <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.kommersant.ru\/doc\/3677400\">local reports<\/a>, PIR Bank lost around $920,000 from their correspondent account at the Bank of Russia. Group-IB describes this as a &#8220;conservative estimate&#8221;.<\/p>\n<p>After studying infected workstations and servers at the bank, Group-IB forensic specialists collected digital evidence implicating MoneyTaker in the theft. The digital footprints from the PIR Bank raid matched the tools and techniques of earlier attacks linked to MoneyTaker.<\/p>\n<p>Group-IB <a target=\"_blank\" rel=\"nofollow\" href=\"https:\/\/www.group-ib.com\/media\/new-attack-moneytaker\/\">confirmed<\/a> that the attack on PIR Bank started in late May 2018 with the pwnage of a router used by one of the bank&#8217;s regional branches.<\/p>\n<p>The router had tunnels that allowed the attackers to gain direct access to the bank&#8217;s local network. This approach has already been used by the group at least three times while attacking banks with regional branch networks, Group-IB said.<\/p>\n<p>When the criminals hacked the bank&#8217;s main network, they managed to gain access to AWS CBR (Automated Work Station Client of the Russian Central Bank), generate payment orders and send money in several tranches to mule accounts prepared in advance. PowerShell scripts were used to automate some stages of the hacking process.<\/p>\n<p>&#8220;On the evening of July 4, when bank employees found unauthorised transactions with large sums, they asked the regulator to block the AWS CBR digital signature keys, but failed to stop the financial transfers in time,&#8221; Group-IB reported. &#8220;Most of the stolen money was transferred to cards of the 17 largest banks on the same day and immediately cashed out by money mules involved in the final stage of money withdrawal from ATMs.&#8221;<\/p>\n<p>Although the hackers attempted to erase logs and hide their tracks, enough digital evidence was left behind for Group-IB experts to point a finger towards the likely suspects. Recommendations for prevention of similar attacks has been circulated to clients and partners of Group-IB, including the Central Bank of Russia.<\/p>\n<div class=\"promo_article\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/regmedia.co.uk\/2016\/10\/20\/shutterstock_russian_hackers.jpg?x=174&amp;y=115&amp;crop=1\" width=\"174\" height=\"115\" alt=\"Russian hacker\"\/><\/p>\n<h2 title=\"Subtly named group has gone largely unnoticed until now\">Russian hacker clan exposed: They&#8217;re called MoneyTaker, and they&#8217;re gonna take your money<\/h2>\n<p><a href=\"https:\/\/www.theregister.co.uk\/2017\/12\/11\/russian_bank_hackers_moneytaker\/\"><span>READ MORE<\/span><\/a><\/div>\n<p>Cybercriminals are actively targeting Russian banks and the PIR Bank case is far from isolated, Group-IB said.<\/p>\n<p>&#8220;This is not the first successful attack on a Russian bank with money withdrawal since early 2018,&#8221; said Valeriy Baulin, head of the digital forensics lab at Group-IB. &#8220;We know of at least three similar incidents, but we cannot disclose any details before our investigations are completed.&#8221;<\/p>\n<p>The first attack by MoneyTaker was recorded in spring 2016, when they stole money from a US bank after gaining access to the card-processing system (FirstData&#8217;s STAR). The group then went quiet for several months before resurfacing in an ongoing series of attacks primarily targeting Russian, US and (occasionally) UK banking organisations.<\/p>\n<p>According to Group-IB, up until December last year MoneyTaker had <a target=\"_blank\" href=\"https:\/\/www.theregister.co.uk\/2017\/12\/11\/russian_bank_hackers_moneytaker\/\">conducted<\/a> 16 attacks in the US, five attacks on Russian banks and one attack on a banking software company in the UK. The average damage caused by one attack in the US amounted to $500,000. In Russia, the average amount of money withdrawn is $1.2m per incident. In addition to money, the cybercriminals habitually steal documents about interbank payment systems needed to prepare for subsequent attacks. \u00ae<\/p>\n<h3 class=\"crosshead\"><span>Bootnote<\/span><\/h3>\n<p>MoneyTaker isn&#8217;t the only group of cybercriminals targeting banks in Russia. Two others (Cobalt and Silence) have also been active this year, according to Group-IB.<\/p>\n<p class=\"wptl btm\"><span>Sponsored:<\/span> <a href=\"https:\/\/go.theregister.co.uk\/tl\/1781\/shttps:\/\/www.mcubed.london\">M3: Machine Learning and AI conference brought to by The Register<\/a><\/p>\n<p>READ MORE <a href=\"http:\/\/go.theregister.com\/feed\/www.theregister.co.uk\/2018\/07\/20\/moneytaker_russian_bank_hack\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MoneyTaker lives up to its name Hackers stole almost $1m from a Russian bank earlier this month after breaching its network via an outdated router.\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":7223,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-7222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-the-register"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-07-23T11:10:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"174\" \/>\n\t<meta property=\"og:image:height\" content=\"115\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch\",\"datePublished\":\"2018-07-23T11:10:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/\"},\"wordCount\":674,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg\",\"articleSection\":[\"The Register\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/\",\"name\":\"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg\",\"datePublished\":\"2018-07-23T11:10:27+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/07\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg\",\"width\":174,\"height\":115},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/","og_locale":"en_US","og_type":"article","og_title":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-07-23T11:10:27+00:00","og_image":[{"width":174,"height":115,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch","datePublished":"2018-07-23T11:10:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/"},"wordCount":674,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/","url":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/","name":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg","datePublished":"2018-07-23T11:10:27+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/07\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch.jpg","width":174,"height":115},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cybercrooks-slurp-nearly-1m-from-russian-bank-after-pwning-router-at-regional-branch\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branch"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=7222"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/7222\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/7223"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=7222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=7222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=7222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}