Science

$100M Bangladesh bank heist linked to hacks on Philippine bank, Sony Pictures

Hackers who stole $81 million US ($105 million) from Bangladesh's central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, cybersecurity company Symantec Corp said in a blog post.

Malware used in SWIFT bank messaging attacks similar to Sony Pictures hack, linked to North Korea

Fraudsters are gaining access to the email accounts of supervisors and targeting employees who have the authority to access and move money, RCMP say.
Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia. One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony's Hollywood studio in 2014. (iStock)

Hackers who stole $81 million US ($105 million) from Bangladesh's central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures, cybersecurity company Symantec Corp said in a blog post.

The U.S. Federal Bureau of Investigation has blamed North Korea for the attack on Sony's Hollywood studio.

A senior executive at Mandiant, the cybersecurity company investigating the Bank Bangladesh heist, also told Reuters the hackers had recently penetrated banks in Southeast Asia.

In the blog post published on Thursday, Symantec did not name the Philippines bank or say whether any money was stolen, but said the attacks could be traced back to October last year. It did not identify the hackers.

The Philippines central bank's deputy governor, Nestor Espenilla, told Reuters that no bank in the country had lost 
money to hackers, although he did not rule out the possibility of cyber attacks.

"We are checking if there are similar attacks on Philippine banks," Espenilla said. "However, no reported losses so far."

He added: "It is one thing to be attacked. It is another to lose money."

Marshall Heilman, vice president for Mandiant, a part of U.S.-based FireEye, said it was not known whether any 
money was lost in the other attacks he described or whether the hackers had been successfully blocked.

4 known attacks on SWIFT

"There is a group operating in Southeast Asia that definitely understands the bank industry and is at more than one location," he said.

Commuters pass by the front of the Bangladesh central bank building in Dhaka in March. In February, thieves hacked into the SWIFT messaging system of the Bangladesh Bank and sent messages to the Federal Reserve Bank in New York, allowing them to steal $105 million. (Ashikur Rahman/Reuters)

Heilman declined to identify the country or countries, or the institutions attacked. He said it was the same group as the 
one involved in the Bank Bangladesh theft and that the attacks were recent, but declined to be more specific.

Central banks elsewhere in Southeast Asia - Singapore, Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailand and East Timor - have declined comment or denied knowledge of any other breaches.

There have been at least four known cyber attacks against a bank involving fraudulent messages on the SWIFT payments network, one dating back to 2013. SWIFT, the Society for Worldwide Interbank Financial Telecommunication, urged banks this week to bolster their security, saying it was aware of multiple attacks.

Banks around the world use secure SWIFT messages for issuing payment instructions to each other.
 
SWIFT said earlier this week that February's Bangladesh Bank hack was a "watershed event for the banking industry" and that it was "not an isolated incident."

Spokeswoman Natasha de Teran said on Thursday that SWIFT was "actively looking into other possible instances of such fraud," but would not comment on individual entities.

Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia.

Hacking group Lazarus

One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony's Hollywood studio in 2014.

"There is a pretty hard connection now to the Sony attacks and the actor behind them" and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.

Another cybersecurity firm, BAE Systems, said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.

Chien said that if North Korea was responsible for the hacks on banks via the SWIFT messaging network it would represent the first known episode of a nation-state stealing money in a cyberattack.

Policymakers, regulators and financial institutions around the world are stepping up scrutiny of the cyber security of the SWIFT payments system after hackers used it to make fraudulent transfers totaling $81 million US ($105 Million) out of Bank Bangladesh's account at the Federal Reserve Bank of New York.

Symantec and other researchers have also linked the hack to a failed attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.

In addition, Reuters reported last week that Ecuador's Banco del Austro had more than $12 million US ($16 million) stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT network.

Bangladesh police are also reviewing a nearly-forgotten 2013 cyber heist at the nation's largest commercial bank, Sonali Bank, for connections to the central bank heist, a senior law enforcement official told Reuters. The unsolved theft of $250,000 US ($326,000) at Sonali Bank also involved fraudulent transfer requests sent over the SWIFT network.