Paytm payment gateway: over $14bn in stolen funds? A payment gateway service in India was hacked with record losses
Review of past events: financial systems hit by cyberattacks
A security breach at a leading fintech company was exploited by miscreants, leading to the theft of nearly RMB 150 million. A prominent Australian financial company lost RMB 550 million due to a cyber attack. Nepal's NIC Asia Bank's SWIFT server was hacked and 460 million Nepalese rupees were stolen. A retrospective report shows how cybercriminals launder money after stealing it.
Note: Follow-up investigations have revealed that the amount in the report may be inaccurate, and another statement said that the actual amount misappropriated was NRs 250 million. The report has been removed from the reference source thecyberexpress.
On 11 October, Security Reference reported on a major cybercrime incident that recently came to light. Hackers managed to infiltrate the accounts of Indian payment gateway service provider Safexpay (STPL) and stole more than 16.18 billion Nepalese rupees (approximately Rs. 14.184 billion or $1.944 billion).
Reports indicate that after the attack on Safexpay, the attackers carried out illegal operations to systematically transfer funds from multiple bank accounts, some of which were illegally transferred abroad over an extended period of time. The police in Thane, Maharashtra, India revealed this cyber attack on STPL.
Senior local officials have announced that the state's Srinagar Police Department has recorded a cyber attack on Safexpay and that the cybercrime team in Thane city is assisting in the investigation.
Details of the hacking attack
The fraud case stemmed from a customer's complaint. The complainant alleged that unknown individuals infiltrated the six-year-old STPL payment gateway and transferred funds to hundreds of bank accounts.
The investigation into the STPL cyber attack traced the transfer of 25 million Nepalese rupees (about $300,000) from STPL to other accounts. The funds were deposited into an account maintained by Riyal Enterprises with HDFC Bank.
Riyal Enterprises is headquartered in Thane and has five branches in Thane and its suburbs. Police said, "Hackers took control of the company's custodian bank account with a reputed state-owned bank and transferred about 25 million Nepalese rupees to multiple unknown accounts."
Further investigation of Riyal Enterprises revealed a network of at least 260 accounts. These accounts were spread across a number of banks and were all linked to the financial fraud case.
The police conducted a preliminary investigation into these 260 accounts and found that about 160 billion Nepalese rupees (about $2 billion) had been misappropriated on a large scale, with most of the funds being transferred to foreign accounts.
The Thane police issued a statement saying they visited Riyal Enterprises and found multiple bank accounts and agreements.
This is not the first time such a cyber attack has occurred
According to reports on the STPL cyber attack, the fraud has been going on for some time. The public was not informed about the case until April this year, when a complaint alleged the illegal transfer of more than 250 million Nepalese rupees.
Follow-up investigations revealed that the initial complaint was just the tip of the iceberg. The total amount involved in this fraud could be more than NRs 1,600 crore.
On Friday, the Nauhbada police filed a First Information Report (FIR) under various sections of the Indian Penal Code (IPC) and the Information Technology Act (ITA) against several people, including Jitendra Pandey, Sanjay Singh, Amol Andhale alias Aman and Sameer Dighe alias Kedar, for their involvement in the incident.
Thane Police and its cybercrime team are conducting an ongoing investigation into the Safexpay cyber attack.
However, it is worth noting that no arrests have been made yet. Among the suspects, Jitendra Pandey, who has nearly a decade of banking experience, could be the key figure.
Law enforcement agencies suspect that the cyberattack on Safexpay was far-reaching and may have involved many others. Some of them used forged documents to open bank accounts, while others used false material to set up five partnerships aimed at defrauding the government.
India hit by cybercrime wave
Prior to this incident, a fraud gang from Himachal Pradesh had duped hundreds of investors over the five years since 2018, making an illegal profit of over NRs 2 billion.
The suspects in the group attracted a large number of investors by promising high returns on Bitcoin investments in a short period of time.
This shows that the STPL cyber attack was not an isolated incident. Rather, it reflects the growing threat of cybercrime in India. Such incidents underscore the urgent need to strengthen cyber security measures and increase vigilance in the digital space.
Reference: https://thecyberexpress.com/safexpay-hacked-financial-fraud-unveiled/
Disclaimer: This article is from Security Reference and is copyrighted. The views expressed in the article are those of the author and do not represent the position of Security Reference. The purpose of reprinting is to convey more information. If there is any infringement of copyright, please contact [email protected].