Bangladesh Hackers Targeted Other Asian Banks

Cybersecurity firm Symantec Corporation (SYMC) said it has found evidence that hackers who stole $81 million from the Bangladesh central bank and attempted to steal over $1 million from the Tien Phong Bank in Vietnam also attacked a bank in the Philippines.

"Malware used by the group was also deployed in targeted attacks against a bank in the Philippines," Symantec said in a blog post. http://www.symantec.com/connect/blogs/swift-attackers-malware-linked-more-financial-attacks

The blog said some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus, which has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea. The Lazarus group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Corp (ADR) (SNE).

However, Reuters said the Philippines central bank's deputy governor, Nestor Espenilla, said that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyber attacks. http://www.reuters.com/article/us-cyber-heist-swift-symantec-idUSKCN0YH29J

"We are checking if there are similar attacks on Philippine banks," Espenilla told Reuters. "However, no reported losses so far."

The blog said the latest attacks can be traced back as far as October 2015, two months prior to the discovery of the failed attack in Vietnam.

It may be recalled that the attack against the Bangladesh central bank triggered an alert by payments network SWIFT. Vietnam's Tien Phong Bank subsequently stated that it intercepted a fraudulent transfer of over $1 million in the fourth quarter of last year. Banco del Austro in Ecuador was also reported to have lost $12 million to attackers using fraudulent SWIFT transactions.

A senior executive at Mandiant, a unit of FireEye Inc (FEYE), investigating the Bank Bangladesh heist, told Reuters the hackers had recently penetrated banks in Southeast Asia.

Meanwhile, Symantec said it has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee. Code sharing between Trojan.Banswift (used in the Bangladesh attack) and early variants of Backdoor.Contopee provided a connection, the blog said.

While analyzing samples of Trojan.Banswift, Symantec said distinct file-wiping code was found.

"Already this code looked fairly unique. What was even more interesting was that when we searched for additional malware containing the exact combination of 'control' bytes, an early variant of Backdoor.Contopee and the 'msoutc.exe' sample already discussed in the recent BAE blog analyzing the Bangladesh attack were also found," the blog post said.