A group of hackers stole $45 million from two Middle Eastern banks in a matter of hours, according to the US Justice Department.
The heist worked by first hacking into two unnamed card payment processing companies, one based in India, the other in the US.
Having done that, the hackers were able to change the withdrawal limit on a number of prepaid debit card issued by the Bank of Muscat of Oman and National Bank of Ras Al Khaimah PSC, prosecutors allege.
These cards were distributed to accomplices in 24 countries around the world. They withdrew $40 million from the Bank Of Muscat, and $5 million from the National Bank of Ras Al Khaimah PSC, through 40,500 ATM withdrawals.
Seven suspects have been arrested. An eighth, allegedly the leader, is reported to have been murdered in the Dominican Republic.
Mastercard, which distributed the prepaid cards, said it has co-operated with US law enforcement on their investigation but that its systems were not compromised during the attack.
"In the place of guns and masks, this cyber crime organisation used laptops and the Internet," said attorney Loretta Lynch said at a press conference, Reuters reports. "Moving as swiftly as data over the Internet, the organisation worked its way from the computer systems of international corporations to the streets of New York City."
The incident underlines the pivotal role that payment processing companies play in the digital economy, and how important it is that they remain secure.
In April last year, payments processor Global Payments revealed that details of 1.5 million credit cards were stolen from its IT systems. As a result, VISA and MasterCard dropped the company from their list of approved processors.