17 December 2017

BAE links Taiwanese bank attack to North Korea

17 October 2017

Cybersecurity researchers at BAE Systems believe that a hacking crew operating out of North Korea was behind a recent malware and money-moving attack on Far Eastern International Bank in Taiwan.

In a case reminiscent of the infamous Bangladesh Bank heist, the culprits had compromised the Far Eastern terminal connected to the international Swift network and sent a series of doctored messages to transfer funds into accounts at multiple overseas banks.

BAE Systems says that since the attack, various samples that appear to originate from the intrusion have been uploaded to malware repositories. These include tools bearing the fingerprints of the North Korean-based Lazarus hacking group, as well as a rare ransomware variant called ‘Hermes’, which may have been used to distract the security team or cover the attackers' tracks whilst the heist was occurring.

Having mapped out the bank's network and identified the interface to Swift, the attackers appear to have created MT103 messages to transfer funds to Cambodia, the US, and Sri Lanka, coupled with MT202COV messages to order the movement of funds to the beneficiary institution via another bank intermediary.

Although media reports initially suggested $60 million was looted by the attackers, the reality is a little more prosaic.

"The content of these messages was syntactically correct but the values in specific fields were wrong. As a result, they were received by the intermediary bank but had no further influence on the funds transferred to the beneficiary accounts," says BAE Systems. "Reports of $60M being stolen appear to be due to confusion over these latter messages, and the amounts actually stolen were considerably lower. Most of these appear to have been recovered."
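The gap between a syntactically valid message and one whose field values agree with the payment it covers can be checked mechanically. The following is an added example, not code from BAE Systems or Swift: it reconciles a constructed MT103 against its MT202COV, using the assumed rules that field 21 of the cover carries field 20 of the MT103 and that the two 32A currency/amount values agree. The article does not say which fields were wrong in the real messages, so the faulty values here are invented.

```python
import re

TAG = re.compile(r"^:(\d{2}[A-Z]?):(.*)$")
F32A = re.compile(r"^\d{6}[A-Z]{3}\d{1,12},\d{0,2}$")  # YYMMDD + currency + amount

# Constructed samples (text block only); every value here is invented.
MT103 = (":20:PAY0001\n:23B:CRED\n:32A:171003USD250000,00\n"
         ":50K:/0011\nORDERING CO\n:59:/9988\nBENEFICIARY CO\n:71A:SHA")
COV_GOOD = (":20:COV0001\n:21:PAY0001\n:32A:171003USD250000,00\n:58A:BANKXXYY\n"
            ":50K:/0011\nORDERING CO\n:59:/9988\nBENEFICIARY CO")
# Well-formed, but the related reference and the amount do not match MT103.
COV_BAD = (":20:COV0002\n:21:PAY9999\n:32A:171003USD25000,00\n:58A:BANKXXYY\n"
           ":50K:/0011\nORDERING CO\n:59:/9988\nBENEFICIARY CO")

def parse_fields(text):
    """Map each tag to its value; untagged lines continue the previous field."""
    fields, tag = {}, None
    for line in text.splitlines():
        m = TAG.match(line)
        if m:
            tag = m.group(1)
            fields[tag] = m.group(2)
        elif tag:
            fields[tag] += "\n" + line
    return fields

def syntax_ok(fields, required):
    """Format-level check only: required tags present and 32A well-formed."""
    return all(t in fields for t in required) and bool(F32A.match(fields["32A"]))

def reconcile(mt103_text, cov_text):
    """Return findings for a cover message that does not match its MT103."""
    pay, cov = parse_fields(mt103_text), parse_fields(cov_text)
    if not (syntax_ok(pay, ("20", "23B", "32A", "59"))
            and syntax_ok(cov, ("20", "21", "32A", "58A"))):
        return ["syntax: missing or malformed field"]
    findings = []
    if cov["21"] != pay["20"]:
        findings.append("21: cover does not reference the MT103's field 20")
    if cov["32A"][6:] != pay["32A"][6:]:
        findings.append("32A: currency/amount differs from the MT103")
    for tag in ("50K", "59"):  # customer details copied into the cover
        if cov.get(tag) != pay.get(tag):
            findings.append(f"{tag}: customer details differ from the MT103")
    return findings

if __name__ == "__main__":
    print(reconcile(MT103, COV_GOOD), reconcile(MT103, COV_BAD))
```

A cover that passes `syntax_ok` but returns findings from `reconcile` is the case worth alerting on, since format validation alone would accept it.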
