- Hackers used malware to target PDF reader of commercial bank
- Warning comes after cyber heist from Bangladesh central bank
Swift, the inter-bank messaging system embroiled in one of the largest cyber heists in history, warned customers that hackers have struck again, attacking a commercial bank client that it didn’t name.
The details of a second hack follow a cyber theft in February, when more than $80 million was stolen from Bangladesh’s account at the Federal Reserve Bank of New York. Swift warned users last month that it was aware of several similar attacks.
This time, the hackers used malware to target a PDF reader used by the customer to check its statement messages, Swift said on Friday. A Swift spokesman declined to reveal the name of the bank, but a U.K.-based security firm, BAE Systems Plc, said in a blog post that it believes the second victim is a commercial bank in Vietnam. BAE isn’t directly involved in the investigation, but analyzed malware samples uploaded to public repositories from locations in both Bangladesh and Vietnam and found a match.
BAE said details in the code from the Bangladesh and Vietnam hacks also match a third breach, the devastating 2014 attack on Sony Pictures, which U.S. officials attributed to North Korea. BAE said the match indicates that the same hackers may be behind all three attacks: "This adds a significant lead to the investigation," BAE said in its post. An earlier report by the company probing the hack for the bank came to a different conclusion, according to a person briefed on the investigation.
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” Swift said in a statement. “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks –- knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both.”
In its warning, Swift said customers using PDF reader applications to check confirmation messages should take particular care. Hundreds of billions of dollars are moved internationally through the Swift system every day.
Investigators examining the theft from Bangladesh’s central bank have uncovered evidence of three hacking groups -- including a group linked to North Korea -- inside the bank’s network but say it was an unidentified group that pulled off the heist, people familiar with the bank’s internal investigation said earlier this week. The attempted theft of almost $1 billion has prompted central banks around the globe to review defenses against hackers, along with calls by U.S. government officials to beef up security.
In the latest hack, insiders or external attackers managed to submit Swift messages from financial institutions’ back offices, PCs or workstations connected to the Swift network, Swift said. “The modus operandi of the attackers is similar in both cases,” it said.
The theft investigation has turned into a massive global manhunt involving Interpol and the Federal Bureau of Investigation. The FBI suspects an insider with access to the Bangladesh bank’s technology may have aided in the heist, according to the person briefed on the investigation.
“I remain concerned that there are critical security gaps in the international payment system,” Carolyn Maloney, a Democrat House member from New York, said today in a statement about the New York Federal Reserve’s response to the Bangladesh hack. “I will be urging the New York Fed to expedite its review of its security protocols to ensure that this kind of brazen cyber heist doesn’t happen again.”
(A previous version of this article was corrected to reflect that Rep. Maloney’s remarks were in a statement, not in a letter.)