The first known attack was in the spring of 2016, when MoneyTaker hit First Data's STAR network (the largest transfer messaging system for ATMs in the US). They also compromised Russia's AW CRB network, and swiped documents for OceanSystems' Fed Link system used by roughly 200 banks across the Americas. And in some cases, the group stuck around after the initial heist -- at least one US bank's documents were stolen twice, while the perpetrators kept spying on Russian bank networks.

While it's not clear who's behind MoneyTaker, you're only hearing about them now because they're particularly clever. They've repeatedly switched their tools and methods to bypass software, and have taken care to erase their tracks. For instance, they've 'borrowed' security certificates from the US federal government, Bank of America, Microsoft and Yahoo. One Russian bank did manage to spot an attack and return some of the ill-gotten gains.

This particular hack didn't directly affect users, since it was more about intercepting bank-to-bank transfers than emptying personal accounts. However, it illustrates both the sophistication of modern bank hacks and the vulnerability of the banks themselves. While it would be difficult to completely prevent hacks, it's clear that attackers are having a relatively easy time making off with funds and sensitive data.