
BAE links Taiwanese bank attack to North Korea

17 October 2017

Cybersecurity researchers at BAE Systems believe that a hacking crew operating out of North Korea were behind a recent malware and money-moving attack on Far Eastern International Bank in Taiwan.

In a case reminiscent of the infamous Bangladesh Bank heist, the culprits had compromised the Far Eastern terminal connected to the international Swift network and sent a series of doctored messages to transfer funds into accounts at multiple overseas banks.

BAE Systems says that since the attack, various samples which appear to originate from the intrusion have been uploaded to malware repositories. These include tools bearing the fingerprints of the North Korea-based Lazarus hacking group, as well as a rare ransomware variant called ‘Hermes’ which may have been used as a distraction or cover-up for the security team whilst the heist was occurring.

Having mapped out the bank's network and identified the interface to Swift, the attackers appear to have created MT103 messages to transfer funds to Cambodia, the US, and Sri Lanka, coupled with MT202COV messages to order the movement of funds to the beneficiary institution via another bank intermediary.

Although media reports initially suggested $60 million was looted by the attackers, the reality is a little more prosaic.

"The content of these messages was syntactically correct but the values in specific fields were wrong. As a result, they were received by the intermediary bank but had no further influence on the funds transferred to the beneficiary accounts," says BAE Systems. "Reports of $60M being stolen appear to be due to confusion over these latter messages, and the amounts actually stolen were considerably lower. Most of these appear to have been recovered."
