Vietnamese Bank Managed to Interrupt a $1 Million Cyber Heist

Rafia Shaikh
Posted May 16, 2016
30Shares
Share Tweet Submit

We shared with you last week that following the Bangladeshi bank heist, another bank was also hit by malware, but it managed to interrupt the cyber heist. As speculated by the BAE systems, Vietnamese commercial bank TPBank has released a statement this weekend confirming an attempted heist, which happened before the successful Bangladesh central bank theft.

Vietnamese TPBank foiled a cyber heist in Q4 2015

The global financial messaging network, SWIFT had shared that its network was used to carry out an attack on a commercial bank, however, it didn’t mention the name of the affected bank. Following the statement by SWIFT, we also saw a report coming from a security research firm who, while investigating the Bangladesh central bank heist discovered that another bank was also hit by malware using similar strategies. Security researchers at BAE had said that this second bank affected by cyber heist was a commercial bank in Vietnam.

Now, Vietnam’s Tien Phong Bank (TPBank) has released a statement saying that it interrupted the attempted theft of approximately $1.1 million. Vietnamese bank was also hit using fraudulent SWIFT messages, with techniques similar to those employed in the successful heist of $81 million from the Bangladesh Central Bank. The attack took place at the end of 2015, and this seems to be first public acknowledgement of the attempted heist. Following TPBank’s statement, the State Bank of Vietnam is reportedly investigating the attempted bank theft.

How the criminals tried to steal $1.1 million from TPBank

We have already shared with our readers that this specific group of criminals targeting banks seems to either hire services of bank employees or remain inside the network long enough to learn about the vulnerable points. In the Bangladeshi bank heist, the group knew they had to interfere with the printer to validate transfers whereas in the second attack it used a PDF malware, confirming that they had a clear understanding of the different transfer validation methods used by the banks.

Vietnamese bank has said that the transfers were made using the infrastructure of an outside vendor. This vendor was hired to connect TPBank to the SWIFT bank messaging system. TPBank recognized the suspicious SWIFT messages attempting to transfer $1.1 million and was able to prevent these transfer by immediately contacting all the involved parties. While the statement doesn’t name this third-party vendor, the bank confirms to have switched to a new system offering a higher level of security while connecting to SWIFT directly.

Last week, SWIFT in its warning letter to members had said that the then unnamed Vietnam bank uses PDF files to validate transactions, which was manipulated by hackers to remove traces of their fraudulent transactions. While the bank in its statement refers to malware and a third-party vendor, it doesn’t refer to the PDF malware which was shared in SWIFT’s letter.

Since TPBank was attacked at the end of last year and Bangladesh’s central bank heist didn’t happen until this February, it is unknown if SWIFT was aware of the first attempted cyber heist using its messaging network. As SWIFT hasn’t yet made any comment on TPBank’s statement, it is unclear if TPBank informed SWIFT of this attempted bank theft, in which case SWIFT would have been able to warn other clients.

TPBank, founded by a top technology firm, is considered one of the most technologically savvy banks in Vietnam. “Just last week it was received the “Best Internet Banking” prize from The Asian Banker,” Reuters reported.

Share Tweet Submit