Second group of hackers targets SWIFT users

A second group of hackers have been discovered that employed a similar method to the one used in February to steal $81 million from a bank in Bangladesh.

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organisations have been affected by these attacks so far.

The attackers utilised malware as a means of covering up the records of fraudulent transaction made over SWIFT which prevented the victims of the attacks from realising that they had been hacked. Symantec has tied the latest attack to the one in February that occurred at a bank in Bangladesh by the way in which the attackers tampered with the Swift system in order to hide the evidence that an attack had even occurred.

A number of security experts have claimed that the Lazarus Group was responsible for the Bangladesh robbery though the firm believes a different cybercriminal group called Carbanak is to blame for this latest attack. Symantec's reasoning behind this accusation comes as a direct result of the malware employed which resembles that malicious software used by Carbanak in the past.

The firm revealed what it has uncovered thus far, saying: “This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns. This includes the use of IP addresses found in previous Carbanak-related attacks.”

The hackers made use of Microsoft Word documents and RAR archives to target their victims. These malicious files were likely distributed through email phishing with the aim of installing Trojans onto target computers.

Symantec offered further details on the cost of such an attack, saying: “Although difficult to perform, these kinds of attacks on banks can be highly lucrative. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars.” 

Image Credit: Peshkova / Shutterstock


Anthony currently resides in South Korea where he teaches and experiences Korean technological advances first hand.