Russian authorities arrest suspects in Russia central bank cyberheist, bank official says

Russian authorities arrested multiple suspects in May linked to the cybertheft of $19m (£15m) from bank accounts held at the Russian central bank, a bank official said on Wednesday (7 December), Reuters reports.

Last week, bank officials confirmed that hackers attempted to make away with 2.87bn rubles from the Russian central bank as well as accounts in commercial banks. It did not specify when the recently revealed attack occurred or identify the cybercriminals.

However, the bank was able to stop them and recover 1.67bn rubles ($26m).

The central bank said last week that hackers broke into an electronic system operated by the central bank by using fake client credentials to steal money from correspondents' accounts at the Bank of Russia this year.

Deputy head of the Bank of Russia Artyom Sychyov told Reuters that the Federal Security Service (FSB) and the Interior Ministry ran a joint operation following the cyberheist, noting that a "large number of people were arrested."

On 1 June, the FSB said it detained, together with the police, more than 50 hackers suspected of the cybertheft of 1.7bn rubles ($27m) from unnamed Russian financial institutions, Russian news agency TASS reported.

Sychyov also noted that the cyberattack on the central bank was restricted to third-party correspondent accounts, adding that "the payment system of the Bank of Russia cannot in any way be implicated."

Last Friday, the central bank released a financial stability report that mentioned the attack. Sergei Moiseyev, head of the department for financial stability that was responsible for the report, was shifted to a new position as adviser to the bank's governor on reform of the leasing industry, Reuters reports. The central bank did not respond directly to the publication's inquiry whether the move was connected to the report's mentioning of the cyberattack.

"Cyber risks potentially can have severe implications for the financial system," the report said. "In this respect the efforts of credit institutions to improve their information systems and other risk management aspects, as well as information exchange on cyber-attacks with regulators and other market participants, gain more importance."

There have been a series of cyberattacks targeting financial institutions around the world this year.

Earlier this year, hackers stole $81m from the central bank of Bangladesh by targeting its access to Swift, the global banking industry's messaging service. In 2015, Ecuador also suffered a similar attack in which cybercriminals swiped around $9m, according to a little known lawsuit. Cyberthieves also attempted to steal funds using Swift from a commercial bank in Vietnam last December.