Since at least 2015, the group has been using malware to steal money from its corporate victims.
"While we have not seen RTM activities outside of Russia and its neighbors, it would not come as a surprise to see them target other countries in the world," ESET researchers said in a blog post.
RTM’s malware searches through a business's computer network for a popular accounting software used to make bulk transfers and payments.
Once found, the criminals can steal these files and tweak them to get businesses to send funds to their own accounts.
The malware can also track keyboard strokes and smart cards entered into the system as well as monitor banking activities in real time.
These attacks were serious enough for FinCERT, the Russian organization responsible for fighting cyber crime, to issue a warning last year.
At least one other group, called Buhtrap, has launched attacks of this kind, specifically targeting business that use remote banking systems.
Â