Russian-speaking Hackers are suspected of stealing nearly $10m (£7.5m) from 20 companies in Russia, the UK and US.
It also stole documentation for technology used by more than 200 banks in the US and Latin America.
The documents could be used in future attacks by the hackers, according to the report.
Group-IB has worked with both Europol and the Russian government to investigate cybercrime.
Kevin Curran, an independent expert and professor of cybersecurity at Ulster University, said the attacks were "as sophisticated as it gets at this moment in time".
"It really is perfect in some ways," he told the BBC. "They're able to compromise systems and then extract all the documents for how a banking system works so that they have the intelligence needed to produce fraudulent payments."
MoneyTaker - named by Group-IB after the group's custom malware - has reportedly netted an average of $500,000 in 16 attacks against US companies and $1.2m in three attacks against Russian banks since May 2016.
It also targeted a UK-based software and service provider in December 2016, according to the report.