SWIFT Hackers Targeted More Than Banks


The group of hackers to whom security experts attribute a rash of high-profile cyber-attacks against banks that exploited the SWIFT payment network began earlier than previously believed.

The organization, which is known as the Lazarus Group, made headlines earlier this year for hacking an unnamed Philippine bank in October 2015, Vietnam’s Tien Phong Bank in late December 2015, and the Bangladesh Central Bank in February.

According to Eldon Sprickerhoff, co-founder and chief security strategist of Canadian security firm eSentire, one of its clients was the first to encounter, on August 28, 2015, a version of the malware that hackers used for the subsequent banking attacks.

“For us, it was just another piece of malware,” he said. “We identified four IP addresses that were acting suspect and blocked those addresses for our client as well as across our entire customer base.”

Proofpoint, a vendor that operates a clearinghouse of cyber-threats, later informed eSentire that the company was the first to generate and report a threat signature similar to that of the fund-transfer cyber-attacks on the banks that followed.

However, this attempted attack was not against a bank, but a registered investment advisor.

Sprickerhoff declined to identify the institution beyond saying that the RIA was based in New York City and has between $2 billion and $10 billion of assets under management.

“This was not a top-tier player,” he said. “This happened to a mid-market business.”

Such behavior is becoming more common, he said. “When someone comes up with a cyber-attack against financial institutions, they seldom target a single bank. They like to spread out these attacks as wide as possible.”

Prior to these financial attacks, the Lazarus Group is also believed to have been behind the infamous Sony Pictures Entertainment hack in October 2014, according to information published by Kaspersky Lab, another cyber-security vendor. Other attacks attributed to these hackers include military espionage and attacks on media and manufacturing firms.


Featured image by James Thew/Dollar Photo Club
