On Thursday, Symantec, specializing in cyber security, wrote in its blog that the hackers, stole in February funds from the Central Bank of Bangladesh’s account, are more likely involved in other financial cyber-attacks. Recall that in February of this year, hackers gained access to accounts of employees of the Central Bank of Bangladesh, and sent a series of requests for funds transfer. The money had been debited from the Central Bank’s accounts in the Federal Reserve Bank of New York. Employees of the Federal Reserve approved some transactions to the Philippines and Sri Lanka, so about $ 81 million went to Philippine casinos. According to Symantec, hackers had also launched an attack on a Philippine bank, which name is not reported, and attempted to steal $ 1 billion from the Vietnamese Tien Phong Bank. The cybercriminals used alike malware and other similar tools. Symantec also reported cyber-attacks on another bank - Ecuador's Banco del Austro. The crime resulted in $ 12 million stolen, but software used in this case is still unrecognized. As reported by Bloomberg, citing sources, presumably 12 banks have been robbed in total. Bangladesh Central Bank hired FireEye firm to investigate the situation, and it discovered new cases of attempts to steal money this way.
In all cases, the hackers sent bogus messages imitating messages of the international data exchange system for financial institutions SWIFT. A few weeks ago, SWIFT reported second major cyber-attack on a bank after the Central Bank of Bangladesh’s incident. "According to experts, new findings suggest that the malware used in the past case was not an isolated incident, but part of a broad and flexible campaign against the banks", - stated SWIFT afterwards.
According to Symantec, the software used in the cyberattacks on banks, was previously used by a group of hackers Lazarus. The attacks began in 2009, most of them was targeted on objects in the United States and South Korea. The same software was used in the attack on Sony Pictures in November 2014, when several films not yet released in the rental got in the public domain. FBI connects the attack on Sony with activities of North Korean cybercriminals. At the same time, according to experts, it would be difficult to link the cyber-attacks to North Korea, since FireEye has found no such connection. "It is difficult now to find a connection with the attack on Sony and those who stood behind it," - said technical director of Symantec Eric Chien. According to Mr. Chien, if experts confirm that the banks attacks came from North Korea, it would be the first known case where a state is stealing money via internet.
source: nytimes.com
In all cases, the hackers sent bogus messages imitating messages of the international data exchange system for financial institutions SWIFT. A few weeks ago, SWIFT reported second major cyber-attack on a bank after the Central Bank of Bangladesh’s incident. "According to experts, new findings suggest that the malware used in the past case was not an isolated incident, but part of a broad and flexible campaign against the banks", - stated SWIFT afterwards.
According to Symantec, the software used in the cyberattacks on banks, was previously used by a group of hackers Lazarus. The attacks began in 2009, most of them was targeted on objects in the United States and South Korea. The same software was used in the attack on Sony Pictures in November 2014, when several films not yet released in the rental got in the public domain. FBI connects the attack on Sony with activities of North Korean cybercriminals. At the same time, according to experts, it would be difficult to link the cyber-attacks to North Korea, since FireEye has found no such connection. "It is difficult now to find a connection with the attack on Sony and those who stood behind it," - said technical director of Symantec Eric Chien. According to Mr. Chien, if experts confirm that the banks attacks came from North Korea, it would be the first known case where a state is stealing money via internet.
source: nytimes.com