Financial Fraud Targeting Italian Corporate Banking Clients

Cybersecurity experts and the Italian National Cybersecurity Agency (ACN) have warned about a surge in cyberattacks targeting corporate banking clients and computer servers worldwide. Recent reports have unveiled a global ransomware hacking campaign that focuses on exploiting VMware ESXi servers. At the same time, Italian corporate banking clients face the persistent threat of financial fraud through a web-inject toolkit known as drIBAN.


Researchers have shed light on the ongoing financial fraud campaign active since 2019. The primary weapon in this operation is drIBAN, a web-inject toolkit designed to infect Windows workstations within corporate environments. The malicious actors behind drIBAN aim to manipulate legitimate banking transfers by victims, diverting funds to illegitimate bank accounts.

The threat actors or their affiliates take control of these accounts and are responsible for laundering the stolen funds. Fraudsters leverage an Automated Transfer System (ATS) to effectively bypass anti-fraud mechanisms employed by banks, initiating unauthorized wire transfers directly from the victims' computers.

What sets the operators behind drIBAN apart is their growing expertise in evading detection and devising sophisticated social engineering strategies. Additionally, these attackers have demonstrated the ability to establish prolonged footholds within corporate bank networks, making their fraudulent activities even more potent.

Researchers have observed a significant evolution in the tactics employed by "banking trojan" operations this year, indicating a shift towards an advanced persistent threat. Additionally, there are signs suggesting a connection between this recent campaign and a prior attack in 2018. The previous incident, previously linked to an actor known as TA554 by Proofpoint, targeted individuals located in Canada, Italy, and the U.K.


Popular posts from this blog

Unauthorized Citrix Access Leak is Detected for Ignazio Messina & C SpA

Image
In a hacker forum an unauthorized citrix access leak is detected allegedly belongs to Ignazio Messina & C SpA. https://www.messinaline.it/ Target Share credentials, access doors to internal company tools. All tested and working Credit depends on content Content Servers Accesses (Citrix) You must either reply or click 'Like' to see the hidden information contained here. ===============CITRIX CONNECTION============================== fm Internet: cloud.messinaline.it OR https://cloud.messinaline.it/vpn/index.html user: *** pass: *** *** ***
Read more

Database of Generali Group is Leaked

Image
 In a hacker forum a new alleged database leak is detected for Generali Group. Hello *** Community, Today I have uploaded the GENERALI Insurance company Database for you to download, thanks for reading and enjoy! GENERALI is one of the biggest Bulgarian Insurance companies. In 2020 they were breached by the well known Bulgarian hacker "Emil Kyulev". This Database is really hard to find, as on almost all known forums the links are expired. • Contains 861 Files, 5 Folders Download: https://*** Sample: id,file_id,parent_id,ucc,zip,iban,email,phone,vatin,level,address,changes,company,location,password,username,is_active,last_name,created_on,first_name,patronymic,failed_login,new_password,representation,general_representation 2,1,NULL,5809250919,8500,BG89STSA93000000135452,NULL,NULL,NULL,4,"УЛ.""П.ВОЛОВ"" 8",NULL,Дженерали Застраховане АД,АЙТОС,836074a97f924a9cfc8d3f60d5fa2ea9,galina.ivanov,2,ИВАНОВ,2011-03-07 15:44:35,ГАЛИНА,ЙОРДАНОВА,0,qy6fpyik7,Айт
Read more