Cybersecurity firm Symantec has found evidence that North Korea is behind the recent string of attacks on several Asian banks.
Symantec said the malware used to steal $81 million from Bangladesh’s central bank is linked to attacks on a bank in the Philippines and in Vietnam.
This may be the first time one country has used malicious code to steal money from another country.
Security researchers say the malware is similar to that used in the past by a group known as "Lazarus.'' The group has been linked to a string of hackings largely focused on U.S. and South Korean targets dating back to 2009. That includes the crippling 2014 hack of Sony Pictures, which the FBI has blamed on the North Korean government. North Korea denied the allegation.
Symantec said a bank in Ecuador also reported to have lost $12 million to attackers using fraudulent SWIFT transactions. Its researchers now back findings by the British defense contractor BAE Systems that links the Bangladesh bank heist and cyber-attacks on the banks in Vietnam and Ecuador.
In all 3 attacks on those banks, the hackers were able to compromise the security of what's known as the SWIFT messaging system, once thought to be the world's most secure system for sending orders for financial transactions.
Symantec also traced the unique code to an unnamed Filipino bank. The country’s central bank deputy governor told Reuters that no bank had reported lost money to hackers in the Philippines, but he didn’t rule out the possibility.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” Symantec wrote in a blog post. “While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant.”