Cyber Incident Victim: Energobank
Date:
Feb 2015 (attack); publicly disclosed Feb 2016
Location:
Kazan, Russia
Summary
Russian-language hackers used the Corkow Trojan to compromise Energobank, a Russian regional bank, and from inside its systems placed more than $500 million of currency orders at non-market rates within minutes. The burst of off-market orders moved the ruble-dollar exchange rate by more than 15% in a short window and prompted the Central Bank of Russia to investigate possible market manipulation. The incident is notable because the malware was not used to steal funds directly but to push trades through a legitimate trading channel and so influence a market price.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2015, Russian-language hackers deployed the Corkow Trojan (also tracked as Metel) to compromise the systems of Energobank, a regional bank based in Kazan, Russia. From the compromised environment the attackers placed currency orders exceeding $500 million at prices well away from the prevailing market rate. The orders were submitted in a burst lasting only minutes, and both their pricing and their timing were consistent with an attempt to move the ruble-dollar exchange rate rather than to trade on it. Group-IB, the Moscow-based security firm engaged to investigate, identified Corkow as the intrusion tool but did not publicly attribute the operation to named individuals or a named group. Available reports do not state how the bank was initially compromised or which controls the malware bypassed.

The fraudulent orders produced an artificial swing of more than 15% in the ruble-dollar exchange rate during the attack window. The abrupt move drew the attention of the Central Bank of Russia, which opened an investigation into potential market manipulation. The incident showed that a trading system reachable from a compromised bank workstation can be used to affect a market price, not only to divert funds. The available sources report no collateral damage to other institutions and no follow-on attacks linked to this event. Energobank's engagement of Group-IB was an incident-response measure to establish how the breach occurred and to cut off further unauthorized access; the central bank's response concentrated on assessing market integrity, and neither public sanctions nor the bank's corrective actions were disclosed.
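The two properties of the fraudulent orders described above, prices far from the prevailing rate and a large notional submitted within minutes, are exactly what a pre-trade or post-trade surveillance check can look for. The following is an added example written for this page, not code from Energobank, Group-IB or any exchange, and the reference rate, thresholds and order records are constructed for illustration; the 15-minute window and 2% price tolerance are assumed parameters, not figures from the incident.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List


@dataclass(frozen=True)
class Order:
    ts: datetime          # submission time
    side: str             # "BUY" or "SELL" (USD against RUB)
    price: float          # quoted rate, RUB per USD
    notional_usd: float   # order size in USD


def price_deviation(order: Order, reference_rate: float) -> float:
    """Relative distance of the order price from the reference (market) rate."""
    return abs(order.price - reference_rate) / reference_rate


def off_market_orders(orders: List[Order], reference_rate: float,
                      max_deviation: float) -> List[Order]:
    """Orders priced further from the reference rate than the tolerance allows."""
    return [o for o in orders if price_deviation(o, reference_rate) > max_deviation]


def burst_notional(orders: List[Order], window: timedelta) -> float:
    """Largest USD notional submitted within any sliding window of length `window`."""
    ordered = sorted(orders, key=lambda o: o.ts)
    start, running, peak = 0, 0.0, 0.0
    for end, o in enumerate(ordered):
        running += o.notional_usd
        # Drop orders that fall out of the window ending at `o`.
        while ordered[end].ts - ordered[start].ts > window:
            running -= ordered[start].notional_usd
            start += 1
        peak = max(peak, running)
    return peak


def screen(orders: List[Order], reference_rate: float,
           max_deviation: float = 0.02,            # assumed 2% price tolerance
           window: timedelta = timedelta(minutes=15),  # assumed burst window
           notional_limit: float = 100e6) -> Dict:     # assumed per-window limit
    """Run both checks and return the findings so callers can alert on them."""
    peak = burst_notional(orders, window)
    return {
        "off_market": off_market_orders(orders, reference_rate, max_deviation),
        "peak_notional_usd": peak,
        "notional_burst": peak > notional_limit,
    }


# Constructed sample data: a quiet desk interrupted by a burst of off-market orders.
# Timestamps, sizes and the reference rate are illustrative, not incident records.
T0 = datetime(2015, 2, 27, 12, 0)
REFERENCE_RATE = 61.0   # assumed prevailing RUB/USD rate
SAMPLE_ORDERS = [
    Order(T0, "BUY", 61.05, 2_000_000),
    Order(T0 + timedelta(minutes=3), "SELL", 60.98, 1_500_000),
    Order(T0 + timedelta(minutes=10), "BUY", 66.00, 150_000_000),   # ~8% above market
    Order(T0 + timedelta(minutes=12), "SELL", 55.00, 200_000_000),  # ~10% below market
    Order(T0 + timedelta(minutes=14), "BUY", 65.50, 180_000_000),   # ~7% above market
    Order(T0 + timedelta(minutes=40), "BUY", 61.10, 1_000_000),
]

if __name__ == "__main__":
    result = screen(SAMPLE_ORDERS, REFERENCE_RATE)
    for o in result["off_market"]:
        print(f"OFF-MARKET {o.ts:%H:%M} {o.side} {o.notional_usd:,.0f} USD @ {o.price}")
    print(f"peak notional in window: {result['peak_notional_usd']:,.0f} USD",
          "(BURST)" if result["notional_burst"] else "")
```

Either check alone is weak: a single large order at a fair price is normal, and a small off-market order may be a typo. Together they describe the pattern in this incident, and because they rely only on order price, size and time they can be applied on the exchange side as well as at the bank, where a compromised workstation cannot tamper with them.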
