The Financial Express (Delhi Edition)
Russian cyber gangs linked to bank heists worth millions
London/Rome, June 17: Investigators have linked malware used by Russian and eastern European cyber-gangs to a string of bank heists that culminated in the record-breaking theft of $81 million from Bangladesh’s central bank, according to people familiar with the probe.
The tools used in some of the attacks on as many as 12 banks, mostly in Southeast Asia, match those deployed by the socalled Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential. They operateinRussiaandformerparts of the Soviet Union including Moldova and Kazakhstan.
North Korean hackers have been implicated in the Bangladesh attack because the malicious software, or malware, used suggested a link between that attack and the breach of Sony Pictures Entertainment’s network in 2014, which US officials blame on that nation. While the presence of code used in previous attacks may indicate the involvement of Dridex or North Korea, it could also mean that the malware is being sold to other parties on the black market, one of the people said.
Finding malware bearing signs of Russian gangs makes attributing the source of the attacks even more complicated for authorities, who now have evidence pointing to the potential involvement of both nation states with a history of hacking and criminal organisations that make their living stealing from businesses.
Criminals exploited weaknesses in banks’ cyber-defences to try to steal almost $1 billion from Bangladesh’s central bank in February and to take $12 million from an Ecuadorean lender in January 2015. An attack late last year on a Vietnamese bank was foiled. In all three incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.
Dridex, which is used to identify the malware as well as the group that employs it, is spread through emails that infiltrate target computers and harvest personal information such as usernames and passwords, which can then be used to gain access to privileged networks. First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, according to security firm Symantec.
The disciplined and highly organided gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday working week and even taking time off for Christmas, Symantec said in a February report. Bloomberg