North Korea Stole Money from the Bangladesh Bank, Researchers Have Revealed


North Korea may have been behind a series of cyber bank jobs that involved the SWIFT banking network, an analysis of malware code has revealed.

North Korea linked to bank thefts

Security firm Symantec has revealed that the evidence emerging in the recent bank heist is tying the breaches to a North Korean hacking group known as Lazarus. The group has previously targeted several organizations and websites in the United States and South Korea, including the popular Sony Pictures hack. The security firm says that Lazarus is also behind the attacks on Asian banks that involved the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network. SWIFT provides a network for financial institutions to send and receive information about financial transactions in a secure format and is used by banks worldwide.

Using the network, criminal hackers managed to steal $81 million from a bank in Bangladesh, while a Vietnamese bank interrupted a cyber heist of $1 million. Banks in Ecuador and Philippines were also possibly attacked by the same group.

Malware analysis revealed similarities

The malware code analysis revealed two similarities with the malware used in attacks by Lazarus since 2009. "Symantec believes that distinctive code shared between [malware] families, and the fact that Backdoor.Contopee [linked with Lazarus Group] was being used in limited targeted attacks against financial institutions in the region, means that these tools can be attributed to the same group," Symantec has said. Backdoor.Contopee was used by the group in their targets in the US and South Korea. While a highly destructive trojan, Backdoor.Destover was used in an attack against the Sony Pictures Entertainment in 2014.

Researchers have said that this piece of code has only been seen in two previous cases, in the Sony Pictures hack and attacks on banking and media institutions of South Korea in 2013. Sony Pictures hack had coincided with the release of a film about the assassination of Kim Jong-un. While there was no verification, the FBI had concluded that the North Korean government was responsible for the attack.

“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” Eric Chien, a security researcher at Symantec told the NYT. This latest finding also follows an earlier analysis by BAE systems which had revealed that both the Sony Pictures hack and the Bangladesh bank job were linked.

The country is believed to have been behind several criminal activities, including counterfeiting $100 bills, but this is possibly the first time that banks have been targeted for money. "We’ve never seen an attack where a nation-state has gone in and stolen money," Chien said. "This is a first."