Russian Cyber Gangs Linked To Bank Robberies

Uploaded on 2016-06-28 in NEWS-Cybersecurity News, GOVERNMENT-Law Enforcement, FREE TO VIEW, BUSINESS-Services-Financial, TECHNOLOGY--Hackers

Benglaesh Central Bank Swift Code

Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank thefts that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.

The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. They operate in Russia and former parts of the Soviet Union including Moldova and Kazakhstan.

North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment Inc.’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.

E-mail Infiltration

Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organizations that make their living stealing from businesses.

Criminals exploited weaknesses in banks’ cyber-defenses to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, which is used to identify the malware as well as the group that employs it, is spread through e-mails that infiltrate target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec Corp.

Working Week

The disciplined and highly organized gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report.

In the Bangladesh case, the Federal Reserve Bank of New York was tricked by fake Swift messages into wiring money it held for the country to hacker-controlled accounts in the Philippines. Hackers impersonated bank officials to send the messages, and they deployed malware targeting a PDF reader used to check statements.

Nathasha de Teran, a spokeswoman for SWIFT, which is the acronym for the Society for Worldwide Interbank Financial Telecommunication, declined to comment.

FireEye Inc., the security firm hired by the Bangladesh bank, has been contacted by as many as 12 other banks that are concerned that hackers may have breached their networks in a similar fashion, a person familiar with the approaches said last month. There was no indication that money was taken.

Information-Management:  

« The Cyberwar Frontier In Korea
Charge Companies for Cyber Security Failures »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Indelible Data

Indelible Data

Indelible Data is an established information security and technology consultancy and a Cyber Essentials Certification Body.

National Security Agency (NSA) - USA

National Security Agency (NSA) - USA

NSA is a US intel agency responsible for the protection of government communications and information systems against penetration and network warfare.

CONCERT

CONCERT

CONCERT is a Computer Emergency Response Team and cyber security information sharing network for companies, institutes and government in Korea.

Penta Security

Penta Security

Founded on its data encryption technology, Penta Security is a leading provider of web and data security products, solutions and services.

GuidePoint Security

GuidePoint Security

GuidePoint Security provide information security solutions that enable commercial and federal organizations to more successfully achieve their security and business goals.

Halcyon Knights

Halcyon Knights

Halcyon Knights is a specialist executive search and IT recruitment agency in the APAC region. Areas of specialisation include cybersecurity.

GrrCON

GrrCON

GrrCON is an information security and hacking conference that provides the Midwest InfoSec community with a fun atmosphere to come together and engage with like minded people.

Elemental Cyber Security

Elemental Cyber Security

Elemental is a game changing cyber security compliance automation and enforcement technology provider.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

ISECURION Technology & Consulting

ISECURION Technology & Consulting

ISECURION is an information security consulting company. We provide a unique blend of services to our customers catering to the current information security landscape.

Cyber Chasse

Cyber Chasse

Cyber Chasse is an IT consulting and staffing company offering a full range of cybersecurity solutions, contract staffing services and online training courses.

Red Goat Cyber Security

Red Goat Cyber Security

Red Goat Cyber Security have created excellent, informative and interactive Social Engineering Awareness training which is suitable for all levels of staff.

Lucidum

Lucidum

The Lucidum platform helps you assess risk and mitigate vulnerabilities by finding and correlating data from your security tech stack.

Truly Secure

Truly Secure

Truly Secure is an IT Service Provider that ensures greater efficiency and security within a company's technological environment.

Exium

Exium

At Exium we’ve integrated networking and security in a cloud-delivered Zero Trust platform powered by 5G and open source.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.