General description
The RTM cybercrime group has been active since 2015. It attacks organizations in various sectors to steal cash from accounts, confidential documents, and accounts. The group uses malware that it develops itself. The malware does not have a static control server; it retrieves the control server's address through the blockchain.
Objectives
- Cash theft
- Confidential data
- Account theft
Tools
- RTM downloader
- RTM backdoor
- Pony stealer
- Azorult stealer
Targeted countries
Targeted sectors
- The finance sector
- The energy sector
- The state sector
- The information technology sector
- The industrial sector