05-16-2016 , 04:20 AM
Vietnamese bank hit by same Bangladesh Bank, Sony malware
Months after Bangladesh's central bank lost $81 million in a massive cyber heist, SWIFT, the global financial messaging service, reported on Friday a similar malware attack on another bank.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication headquartered in Belgium, did not name the bank. However BAE Systems, a U.K. defence, aerospace, and security company reported on its threat research blog that a Vietnamese commercial bank was the target.
"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," the BAE blog said. "This led to the identification of a commercial bank in Vietnam that also appears to have been targeted in a similar fashion using tailored malware, but based off a common code-base."
Source
Related Story from BBC
About SWIFT
Months after Bangladesh's central bank lost $81 million in a massive cyber heist, SWIFT, the global financial messaging service, reported on Friday a similar malware attack on another bank.
SWIFT, the Society for Worldwide Interbank Financial Telecommunication headquartered in Belgium, did not name the bank. However BAE Systems, a U.K. defence, aerospace, and security company reported on its threat research blog that a Vietnamese commercial bank was the target.
"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," the BAE blog said. "This led to the identification of a commercial bank in Vietnam that also appears to have been targeted in a similar fashion using tailored malware, but based off a common code-base."
Quote:BAE did not say when the second attack took place, nor did it confirm that the Vietnamese bank mentioned was the one referred to by SWIFT. Neither company said if funds had been stolen or the amounts involved.
The Bangladesh Bank cyber heist occurred in early February. Unidentified hackers attempted to steal $951 million from the central bank's account at the Federal Reserve Bank of New York and channel the funds to accounts in the Philippines and Sri Lanka. The New York bank halted transfers worth $850 million when criminal activity was detected. A receiving bank in Sri Lanka also rejected a $20 million transfer because the beneficiary's name was misspelled.
The remaining $81 million was wired to four accounts at a branch of Rizal Commercial Banking Corporation in the Philippines and transferred to a single account at the same bank for laundering through casinos in the Philippines.
Researchers at BAE say the malware used to attack both banks seems to be identical to that used in the attack on Japan's Sony Pictures Entertainment in 2014. "Who the coder is, who they work for, and what their motivation is for conducting these attacks cannot be determined from the digital evidence alone," BAE said. "However, this adds a significant lead to the investigation."
Source
Related Story from BBC
About SWIFT