
BAE links Taiwanese bank attack to North Korea

17 October 2017

Cybersecurity researchers at BAE Systems believe that a hacking crew operating out of North Korea were behind a recent malware and money-moving attack on Far Eastern International Bank in Taiwan.

In a case reminiscent of the infamous Bangladesh Bank heist, the culprits had compromised the Far Eastern terminal connected to the international Swift network and sent a series of doctored messages to transfer funds into accounts at multiple overseas banks.

BAE Systems says that since the attack, various samples which appear to originate from the intrusion have been uploaded to malware repositories. These include tools bearing the fingerprints of the North Korea-based Lazarus hacking group, as well as a rare ransomware variant called ‘Hermes’, which may have been used as a distraction or cover-up for the security team whilst the heist was occurring.

Having mapped out the bank's network and identified the interface to Swift, the attackers appear to have created MT103 messages to transfer funds to Cambodia, the US, and Sri Lanka, coupled with MT202COV messages to order the movement of funds to the beneficiary institution via another bank intermediary.

Although media reports initially suggested $60 million was looted by the attackers, the reality is a little more prosaic.

"The content of these messages was syntactically correct but the values in specific fields were wrong. As a result, they were received by the intermediary bank but had no further influence on the funds transferred to the beneficiary accounts," says BAE Systems. "Reports of $60M being stolen appear to be due to confusion over these latter messages, and the amounts actually stolen were considerably lower. Most of these appear to have been recovered."
