The criminals who stole $101 million from Bangladesh’s central bank appear to have struck again.
SWIFT, which runs the communications network that links much of the global financial system, warned clients on Friday that a second bank has been attacked as “part of a wider and highly adaptive campaign.”
SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, said that its network and core messaging services have not been compromised. Here’s how it thinks both attacks took place:
1. Attackers use malware to circumvent a bank’s local security systems.
2. They obtain credentials allowing them access to the SWIFT messaging network.
3. Fraudulent messages are sent over the SWIFT network to initiate transfers of cash.
4. The attackers try to hide the evidence by removing some traces of the messages.
“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both,” SWIFT said in a letter to clients that it made public.
The group did not name the target of the second attack, or say how much money, if any, was stolen.
Security researchers from British defense contractor BAE Systems, however, said Friday that a commercial bank in Vietnam has been targeted by malware similar to that used in the Bangladesh Bank heist.
BAE also said the same malicious code may have been used in a devastating 2014 attack on Sony. Following the hack at Sony Pictures, internal studio documents, movies and memos were leaked, along with employees’ salaries and health information.
“What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign,” BAE researchers wrote in a blog post.
SWIFT urged its clients to secure their own software systems quickly.
“Your first priority should be to ensure that you have all preventative and detective measures in place to secure your environment,” it warned. “This latest evidence adds further urgency to this work.”
Investigators have yet to publicly identify any suspects in the Bangladesh Bank case.
In early February, criminals were able to execute five transfers from the central bank’s account at the New York Fed. The requests looked real: They appeared to come from a Bangladesh server, and the thieves supplied the correct bank codes to authenticate the transfers.
Most of the stolen funds ended up in accounts located in the Philippines, while roughly $20 million, which has since been recovered, went to Sri Lanka. The robbers tried to steal $850 million more, but the requests were denied by the New York Fed.
Representatives of the New York Fed, Bangladesh Bank and SWIFT met earlier this week in Switzerland to discuss the heist.
The parties agreed to work together to recover the stolen funds and bring the hackers to justice, SWIFT said.