
New cyberattack made on bank, financial supervisor warns

The organisation, a Belgian co-operative owned by member banks, said that forensic experts believe the second case showed that the Bangladesh heist “was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks”.

News of a second case comes as authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank.

The Society for Worldwide Interbank Financial Telecommunication, a cooperative that runs the global messaging system between banks, said the attack targeted a commercial bank and managed to send Swift messages using the bank’s valid codes.

SWIFT says it “was not responsible for any of the issues cited by the officials, or party to the related decisions”.

Researchers at BAE Systems claim that after gaining administrative rights at Bangladesh Bank, the hackers installed a piece of malware named evtdiag.exe, which shielded the attackers by altering the information about Swift transfer requests shown on the client interface the bank used to track those requests.

The source who shared the document declined to provide access to its full contents, saying that the release of some details could hamper a multinational effort to catch the criminals and recover funds stolen in the February cyber attack.

That in and of itself isn’t entirely new given that Swift admitted in April that there had been repeated attempts to break into its messaging system, but it would appear that the security measures (including software updates) it has put in place since that time have not been effective in stopping the bad actors behind these attacks.

Global financial messaging network SWIFT announced late Thursday that it had been hit by a second malware attack, according to a Reuters report.

SWIFT also did not name the victim, and neither firm said whether any funds had been stolen.

Bloomberg News reported on Tuesday that investigators had found evidence that two of the three hacker groups in the Bangladesh attack were from Pakistan and North Korea, citing people briefed on the bank’s investigation.

Other central banks in developing nations reportedly have similar security holes, and indeed Swift recently warned that the Bangladesh affair was likely to be the tip of the iceberg. The U.S. government has blamed North Korea for the attack on Sony’s film studio, a charge Pyongyang has rejected.

BAE asserted the Operation Blockbuster connection after analyzing tens of millions of malicious file samples, but the report acknowledged there could be alternate explanations for the similarities.
