North Korea linked to hack attacks on Asian banks
27 May 2016
Security researchers have linked the recent raft of hack attacks on Asian banks to North Korea, in what they say appeared to be the first known case of a nation using digital attacks for financial gain.
According to researchers working for the digital security firm Symantec, in three recent attacks on banks, a rare piece of code had been deployed, which was earlier seen in only two previous cases: the hacking attack at Sony Pictures in December 2014 and attacks on banks and media companies in South Korea in 2013. US and South Korean government officials had blamed those attacks on North Korea, though they had not provided independent verification.
Symantec researchers yesterday said that they had uncovered evidence linking an attack at a bank in the Philippines last October with attacks on Tien Phong Bank in Vietnam in December and one in February on the central bank of Bangladesh which led to the theft of over $81 million.
''If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,'' said Eric Chien, a security researcher at Symantec, who found that identical code was used across all three attacks, www.nytimes.com reported.
''We've never seen an attack where a nation-state has gone in and stolen money,'' Chien added. ''This is a first.''
Meanwhile, investigators are examining possible computer breaches at as many as 12 banks linked to Society for Worldwide Interbank Financial Telecommunication (Swift)'s global payments network that had irregularities similar to those in the theft of $81 million from the Bangladesh central bank, according to a person familiar with the probe, Bloomberg reported.
The expansion of the investigation four months following the Bangladesh attack, the biggest known cyber-heist in history, pointed to a campaign to breach the international financial system, according to commentators.
''The emergence of new possible instances of compromise is not entirely surprising given that banks should now be undertaking rigorous reviews of their environments,'' Swift said in a written statement. ''Many may turn out to be false positives and or have nothing to do with Swift messages, but it is key that these reviews take place and banks' environments are secured.''