Russian Cyber Gangs Linked To Bank Robberies

Bangladesh Central Bank Swift Code

Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank thefts that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.

The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. The gangs operate in Russia and in former parts of the Soviet Union, including Moldova and Kazakhstan.

North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment Inc.’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.

E-mail Infiltration

Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organizations that make their living stealing from businesses.

Criminals exploited weaknesses in banks’ cyber-defenses to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, a name used for both the malware and the group that employs it, is spread through e-mails that infect target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec Corp.

Working Week

The disciplined and highly organized gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines. Hackers impersonated bank officials to send the messages, and they deployed malware targeting a PDF reader used to check statements.

Natasha de Teran, a spokeswoman for SWIFT, which is the acronym for the Society for Worldwide Interbank Financial Telecommunication, declined to comment.

FireEye Inc., the security firm hired by the Bangladesh bank, has been contacted by as many as 12 other banks that are concerned that hackers may have breached their networks in a similar fashion, a person familiar with the approaches said last month. There was no indication that money was taken.
