Multiple banks in Russia, Japan, Europe and the United States have been compromised for two years since late 2013. Malicious emails were sent to employees inside the banks. These emails were disguised as a news clip or a message from a colleague, but when clicked on they would download malicious code. This code would then search across the bank’s network until it found an employee who managed the cash transfer system or remotely connected A.T.M.s. A remote access tool would then capture video and screenshots of those employees' computers. The attackers would then use this data to mimic the employees' activities so that their own actions would not attract suspicion.
To extract the money, random accounts would be used. These accounts would have their balances inflated, and the difference between the original amount and the new amount would be transferred to a fake account in another bank. This would not attract suspicion from the account owner because they would not see their balance change. These two banks are J.P. Morgan Chase and the Agricultural Bank of China. The other method these hackers used to obtain the money was to have A.T.M.s spew out money at specified times.