Group-IB and Fox-IT said that the Anunak hacker group is associated with cyber theft from banks in Russia, Ukraine, Belarus and Georgia, among other countries, and from retailers in the US and Europe.
“Anunak is unique in the fact that it targets banks and e-payment systems,” the security firms said in a joint report (PDF).
“The goal is to get into bank networks and gain access to secured payment systems. As a result, the money is stolen not from the customers, but from the bank itself.”
The attackers gain access to target systems through spear-phishing emails, and the thefts are thought to have netted around $17m so far, most of it in the past six months.
It is believed that the malware has been installed in cash machines, and could be activated at any time, according to the report.
The gang has also ventured into other areas, including compromising media groups and other organisations for the purposes of industrial espionage or to gain a trading advantage on the local stock market.
“We have seen criminals branching out for years, for example with point-of-sale malware,” said Andy Chandler, Fox-IT’s senior vice president and general manager.
“Anunak has capabilities which pose threats across multiple continents and industries. It shows there’s a grey area between advanced persistent threats and botnets.
“The criminals’ pragmatic approach once more starts a new chapter in the cybercrime ecosystem.”