Investigators probing the cyber heist of $81 million from the Bangladesh central bank yesterday connected it to the hack at Sony Corp's film studio in 2014, while global financial network SWIFT disclosed a previously unreported attack on a commercial bank.
SWIFT did not say which commercial bank it was or whether it had lost money, but cyber-security firm BAE Systems said a Vietnamese bank, which it did not name, had been a target. It was not clear if they were referring to the same attack and there was no immediate comment from authorities in Hanoi.
SWIFT, the linchpin of the global financial system, said forensic experts believed the second case showed that the Bangladesh heist was not a single occurrence, but part of a wider campaign targeting banks.
In both cases, SWIFT said, insiders or cyber attackers had succeeded in penetrating the targeted banks' systems, obtaining user credentials and submitting fraudulent SWIFT messages that correspond with transfers of money.
The cooperative has maintained that its core messaging service has not been compromised. But confirmation of a second attack on a bank will likely increase scrutiny on the security of a network used by 11,000 financial institutions globally.
In Bangladesh, cyber-security experts hired by the central bank said in a report that hackers were still inside the bank's network, monitoring the investigation into one of the biggest cyber heists in the world. Reuters reviewed parts of the report, but the source who shared the document declined to provide access to its full contents, saying the release of some details could hamper a multinational effort to catch the criminals.
BAE Systems, Europe's largest weapons maker, which also has a large cyber-security business, said it had uncovered evidence linking malicious software used in the Bangladesh heist to the high-profile attack on Sony's Hollywood studio in 2014 and other cases.
"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," BAE's cyber-security team said in a report it released yesterday.
BAE also said it uncovered malware that was recently used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT money-transfer network. The malware operated "in a similar fashion" to the Bangladesh Bank hack, BAE said.
SWIFT also did not name the victim, and neither firm said whether any funds had been stolen.
Reuters was not able to independently confirm the findings of BAE's determination about similarities between the Bangladesh and Sony attacks. The US government has blamed North Korea for the attack on Sony's film studio, a charge Pyongyang has rejected.
BAE's head of threat intelligence, Adrian Nish, told Reuters that the company was only focused on the technical evidence that links the attacks, not determining who was behind them.
The report said the malware used against Bangladesh Bank exhibits "the same unique characteristics" as software used in "Operation Blockbuster", a campaign documented by a coalition of security firms that dates back to at least 2009 and includes the Sony hack.
BAE asserted the Operation Blockbuster connection after analyzing tens of millions of malicious file samples, but the report acknowledged there could be alternate explanations for the similarities.
It is possible that multiple programmers shared the same code, or even that it was painstakingly recreated to confuse investigators, according to BAE.