Hackers of US banker JPMorgan Chase had sent data stolen from the bank to a Russian city via a global network of computers available for hire, it has been revealed.
Bloomberg, citing people familiar with the probe, reported that the bank's own investigators have found clues that a constellation of computers was used to attack the bank.
The investigators have identified what they believe to be the assault's staging ground, called a "bulletproof" hosting platform because of its resilience to other attackers and to law enforcement, Bloomberg reported, citing one of the sources.
The report added that hackers used a network of servers without their real owners' knowledge. The servers, known as hop points, bounce the stolen data to other computers, making it harder for the bank's monitoring systems to detect a pattern as data is slowly extracted.
In addition, it would become difficult for investigators to trace the destination of stolen files once the breach is discovered.
The revelation suggests that cyber criminals are using increasingly sophisticated methods of hacking, making it really difficult for companies to defend such attacks.
The "successful" hacking at JPMorgan is separately being investigated by the Federal Bureau of Investigation and the National Security Agency.
Such cybercrime operations have been run by powerful figures and protected by Russian authorities, James Lewis, a senior fellow at the Center for Strategic and International Studies in Washington, told Bloomberg.
"All the Internet traffic in the country flows through FSB servers," said Lewis, referring to Russia's Federal Security Service, the principal security agency of the Russian Federation.
"It's just impossible for something this big and prolonged to occur without the Russian government knowing," he added.
"Did the Russian government know this was going on? Yes. Did they direct it? We don't know."
However, Russian President Vladimir Putin's spokesman denied any Russian involvement in the hacking of JPMorgan, when contacted by Bloomberg.
JPMorgan is working with law enforcement authorities to determine the scope of the attack.