Skip to main content

Second group of hackers targets SWIFT users

(Image credit: Image Credit: Peshkova / Shutterstock)

Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.

A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organisations have been affected by these attacks so far.

The attackers utilised malware as a means of covering up the records of fraudulent transaction made over SWIFT (opens in new tab) which prevented the victims of the attacks from realising that they had been hacked. Symantec has tied the latest attack to the one in February that occurred at a bank in Bangladesh by the way in which the attackers tampered with the Swift system in order to hide the evidence that an attack had even occurred.

A number of security experts have claimed that the Lazarus Group was responsible for the Bangladesh robbery though the firm believes a different cybercriminal group called Carbanak is to blame for this latest attack. Symantec's reasoning behind this accusation comes as a direct result of the malware employed which resembles that malicious software used by Carbanak in the past.

The firm revealed what it has uncovered thus far, saying: “This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns. This includes the use of IP addresses found in previous Carbanak-related attacks.”

The hackers made use of Microsoft Word documents and RAR archives to target their victims. These malicious files were likely distributed through email phishing with the aim of installing Trojans onto target computers.

Symantec offered further details on the cost of such an attack, saying: “Although difficult to perform, these kinds of attacks on banks can be highly lucrative. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars.” 

Image Credit: Peshkova / Shutterstock

After getting his start at ITProPortal and then working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches to how to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.