Swift, the interbank messaging system embroiled in one of the largest cyber heists in history, warned customers that hackers have struck again, attacking a commercial bank client that it didn't name.
The details of a second hack follow a cyber theft in February, when more than $80 million was stolen from Bangladesh's account at the Federal Reserve Bank of New York. Swift warned users last month that it was aware of several similar attacks.
This time, the hackers used malware to target a PDF reader used by the customer to check its statement messages, Swift said on Friday. A Swift spokesman declined to reveal the name of the bank, but a U.K.-based security firm, BAE Systems Plc, said in a blog post that it believes the second victim is a commercial bank in Vietnam. BAE isn't directly involved in the investigation, but analyzed malware samples uploaded to public repositories from locations in both Bangladesh and Vietnam and found a match.
BAE said details in the code from the Bangladesh and Vietnam hacks also match a third breach, the devastating 2014 attack on Sony Pictures, which U.S. officials attributed to North Korea. BAE said the match indicates that the same hackers may be behind all three attacks.
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” Swift said in a statement. “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”
In its warning, Swift said customers using PDF reader applications to check confirmation messages should take particular care. Hundreds of billions of dollars are moved internationally through the Swift system every day.
Investigators examining the theft from Bangladesh's central bank have uncovered evidence of three hacking groups — including a group linked to North Korea — inside the bank's network but say it was an unidentified group that pulled off the heist, people familiar with the bank's internal investigation said earlier this week. The attempted theft of almost $1 billion has prompted central banks around the globe to review defenses against hackers.
The theft investigation has turned into a massive global manhunt involving Interpol and the Federal Bureau of Investigation. The FBI suspects an insider with access to the Bangladesh bank's technology may have aided in the heist, according to a person briefed on the investigation.
“Malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back offices, PCs or workstations connected to their local interface to the Swift network,” Swift said. “The modus operandi of the attackers is similar in both cases.”
Bloomberg
Copyright 2018 Bloomberg. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed.