Another Bank Hit By Malware – Linked to Bangladesh Bank Heist and Sony Hack
While investigators are still trying to solve the $81 million heist from the Central Bank of Bangladesh in February, a second malware attack is being reported that targeted a commercial bank in Vietnam.
Second bank hit using SWIFT, links to Bangladesh heist and Sony hack
Using the Society for Worldwide Interbank Financial Telecommunication (SWIFT), the global financial messaging network that was previously believed to be the most secure network in the world, the attack was carried out on an unnamed commercial bank at some point during the last few months. SWIFT is a Belgian co-operative owned by member banks, and is used by thousands of banks and companies to move the money around the world. The company has said that the second attack was similar to the Bangladesh heist, and seems to "part of a wider and highly adaptive campaign targeting banks."
In a warning letter from SWIFT, a copy of which was seen by the New York Times, SWIFT warns of a second breach that has manipulated its network. In both the banking attacks, the thieves managed to penetrate the targeted banks' systems using legitimate network credentials, and initiated fraudulent SWIFT messages to transfer money. In the second case, SWIFT has said that the attackers also used a malware called "Trojan PDF reader" to manipulate PDF reports confirming the messages to hide their tracks.