Security company Symantec revealed on Tuesday (Oct. 11) that, since the start of the year, a malware campaign, dubbed Trojan.Odinaff, has been targeting a number of financial organizations around the world.
According to a blog post, Symantec said the attacks appear to be “extremely focused” on companies operating in banking, securities, trading and payroll industries. Companies that provide support services to those industries also appear to be targets.
“Odinaff is typically deployed in the first stage of an attack, to gain a foothold onto the network, providing a persistent presence and the ability to install additional tools onto the target network,” wrote Symantec in the post. “These additional tools bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013 — Carbanak. This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns.”
Symantec went on to note that the attacks “require a large amount of hands-on involvement, with methodical deployment of a range of lightweight back doors and purpose-built tools onto computers of specific interest.” What’s more, Symantec said there appears to be a heavy investment in the coordination, development, deployment and operation of these tools during the attacks. While these types of attacks are hard to pull off, they can be highly lucrative for the bad guys. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars, Symantec noted. The blog post went on to say that the attacks involving Odinaff started in January of this year and hit a wide range of regions, with the U.S. as the most frequent target. Hong Kong, Australia, the U.K. and Ukraine were also targets of the attack. Most of the targets were financial companies, accounting for 34 percent of the attacks.