Hackers who stole $81 million from Bangladesh’s central bank have been linked to another cyber attack, this time on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures Entertainment, cyber security company Symantec Corp said in a blog post on Thursday.
If confirmed, the Philippines incident would represent the fourth known cyber attack against a bank involving fraudulent SWIFT messages. SWIFT, as the Society for Worldwide Interbank Financial Telecommunication is known, this week urged banks to bolster their security, saying it was aware of multiple attacks.
Banks use secure SWIFT messages for issuing payment instructions to each other.
Symantec said it had identified three pieces of malware that were used in limited targeted attacks against financial institutions in Southeast Asia. Symantec said the attackers were able to infiltrate the bank’s computers but there was no evidence of money being stolen.
One of the malicious programs has been previously associated with a hacking group known as Lazarus, which has been linked to the devastating attack on Sony’s Hollywood studio in 2014. The U.S. government publicly blamed the Sony hack on North Korea.
“There is a pretty hard connection now to the Sony attacks and the actor behind them” and the Bangladesh heist, Eric Chien, technical director at Symantec, said in an interview.
Chien said that if North Korea was responsible for the hacks on banks via the SWIFT messaging network it would represent the first known episode of a nation-state stealing money in a cyber attack.
Security firm BAE Systems earlier this month said it had uncovered evidence linking malicious software used in the Bangladesh heist to the Sony hack.
Policymakers, regulators and financial institutions around the world are stepping up scrutiny of the cyber security of the SWIFT payments system after thieves in February used it to make fraudulent transfers totaling $81 million out of the Bank Bangladesh’s account at the Federal Reserve Bank of New York.
Symantec and other researchers have also linked the hack to a failed attempt to use fraudulent SWIFT messages to steal from a commercial bank in Vietnam.
In addition, Reuters reported last week that Ecuador’s Banco del Austro had more than $12 million stolen from a Wells Fargo account due to fraudulent transfers over the SWIFT network.
The emergence of new possible instances of compromise is not entirely surprising as banks conduct more reviews, SWIFT spokeswoman Natasha de Teran told Reuters.
“Many may turn out to be false positives, and or have nothing to do with SWIFT messages, but it is key that these reviews take place and banks’ environments are secured,” she added. (Reporting by Dustin Volz in Washington; Additional reporting by Narottam Medhora in Bengaluru; Editing by Siddharth Cavale and Leslie Adler)