Russian Cyber Gangs Linked To Bank Robberies

Benglaesh Central Bank Swift Code

Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank thefts that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.

The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. They operate in Russia and former parts of the Soviet Union including Moldova and Kazakhstan.

North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment Inc.’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.

E-mail Infiltration

Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organizations that make their living stealing from businesses.

Criminals exploited weaknesses in banks’ cyber-defenses to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, which is used to identify the malware as well as the group that employs it, is spread through e-mails that infiltrate target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec Corp.

Working Week

The disciplined and highly organized gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines. Hackers impersonated bank officials to send the messages, and they deployed malware targeting a PDF reader used to check statements.

Nathasha de Teran, a spokeswoman for SWIFT, which is the acronym for the Society for Worldwide Interbank Financial Telecommunication, declined to comment.

FireEye Inc., the security firm hired by the Bangladesh bank, has been contacted by as many as 12 other banks that are concerned that hackers may have breached their networks in a similar fashion, a person familiar with the approaches said last month. There was no indication that money was taken.

Information-Management:  

« The Cyberwar Frontier In Korea
Charge Companies for Cyber Security Failures »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

International Association for Cryptologic Research (IACR)

International Association for Cryptologic Research (IACR)

(IACR is a non-profit scientific organization whose purpose is to further research in cryptology and related fields.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

e2e-assure

e2e-assure

e2e Protective Monitoring and Security Operations Centre (SOC) Service is a complete cyber defence service to protect your critical assets from cyber attacks and GDPR breaches.

Rogue Wave Software

Rogue Wave Software

At Rogue Wave, our mission is to simplify your hardest problems, improve software quality and security, and shorten the time it takes to deliver value.

SAASPASS

SAASPASS

SAASPASS is a full-stack identity and access management solution, a single product which allows you to manage all your digital and physical access needs securely and conveniently.

Real Random

Real Random

Real Random is on a mission to enhance existing and new crypto-systems with its revolutionary solution to generating numbers that are Truly Random.

Data Terminator

Data Terminator

Data Terminator provide a comprehensive range of secure data destruction equipment and services are in compliance to US Department of Defense (DoD) and National Security Agency (NSA) standards.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Uptycs

Uptycs

Uptycs combines the open source universal agent, osquery, with a scalable security analytics platform for fleet visibility, intrusion detection, vulnerability monitoring and compliance.

Future Technology Systems Company (FutureTEC)

Future Technology Systems Company (FutureTEC)

FutureTEC is a leading Information Technology Solutions Provider, delivering world-class Information Security, Information Management, and Business Solutions.

CyberHunter Solutions

CyberHunter Solutions

CyberHunter is a leading website security company that provides penetration testing, Network Vulnerability Assessments, cyber security consulting services to prevent cyber attacks.

Realsec

Realsec

RealSec is an international company and is a developer of encryption and digital signature systems and Blockchain for the Banking and Methods of Payment sectors, Government and Defense and Multisector

Lucata

Lucata

Lucata solutions support groundbreaking graph analytics and improved machine learning for organizations in financial services, cybersecurity, healthcare, pharmaceuticals, telecommunications and more.

CaseMatrix

CaseMatrix

Discover a new era of legal intelligence with CaseMatrix. We identify potential class action cases arising from cyber incidents and data breaches.

ARC Risk and Compliance

ARC Risk and Compliance

ARC Risk and Compliance is a consulting company comprised of a team of AML Specialists completely focused on anti-money laundering compliance and the technologies used to support compliance programs.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.