Authentication credential-stealing malware called "Black Energy" was reported to have been used to pilfer millions of dollars earlier this year from CitiBank, the banking arm of CitiGroup.
Reports from several news organizations suggest the infamous "Russian Business Network" is behind the heist, and that the FBI has begun investigating the theft, though officials at CitiGroup have denied the events ever took place.
“Any allegation that the FBI is working on a case at Citigroup involving a breach of Citi systems resulting in tens of millions of dollars of losses is false,” CitiGroup said. “There has been no breach and there have been no associated losses.”
A former member of the World Bank's security team stated that the vast majority of heists targeting large institutions are being conducted virtually, and that the financial sector is "hemorrhaging funds".
This is not the first big heist to be reported and denied by the financial industry, and it certainly will not be the last. Criminal networks methodically probe for weaknesses in networks, and regularly exploit vulnerabilities in systems at every level.
Once a vulnerability is identified, criminal networks can either move swiftly and in a highly coordinated manner to siphon funds in a matter of hours, or siphon them slowly over a long period of time to avoid detection.