
Bangladesh Hackers Target More Asian Banks


Cybersecurity firm Symantec Corporation (NASDAQ: SYMC) said it has found evidence that the hackers who stole $81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam have also attacked a bank in the Philippines.

"Malware used by the group was also deployed in targeted attacks against a bank in the Philippines," Symantec said in a blog post.


A senior executive at Mandiant (a unit of FireEye Inc (NASDAQ: FEYE)) who was investigating the Bangladesh Bank heist told Reuters that hackers had recently penetrated banks in Southeast Asia.

Of Mandiant Vice President Marshall Heilman's account, Reuters said, "[I]t was not known whether any money was lost in the other attacks he described or whether the hackers had been successfully blocked."

The Lazarus Group

The blog said, "Some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus [...] [which] has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea."

The Lazarus group has also been linked to the 2014 hack against Sony Corp (ADR) (NYSE: SNE).

However, the Philippines central bank's deputy governor, Nestor Espenilla, had said "no bank in the country had lost money to hackers, although he did not rule out the possibility of cyber attacks," Reuters reported.

"We are checking if there are similar attacks on Philippine banks," Espenilla told Reuters. "However, no reported losses so far."

The Technology

Meanwhile, Symantec said it has identified three pieces of malware used in limited targeted attacks against the financial industry in Southeast Asia: Backdoor.Fimlis, Backdoor.Fimlis.B and Backdoor.Contopee.

Code sharing between Trojan.Banswift (used in the Bangladesh attack) and early iterations of Backdoor.Contopee "provided a connection," the blog said.

"While analyzing samples of Trojan.Banswift, a distinct file wiping code was found," Symantec said.


"Already this code looked fairly unique. What was even more interesting was that when we searched for additional malware containing the exact combination of 'control' bytes, an early variant of Backdoor.Contopee and the 'msoutc.exe' sample already discussed in the recent BAE blog analyzing the Bangladesh attack were also found," the blog post said.

Constant Vigilance

"The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region," the blog post concluded. "While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant."

