Threatwatch

Russian Government Might Be Behind JPMorgan Hack

Cyber espionage; Network intrusion; Software vulnerability

Suspected government-backed hackers penetrated systems at JPMorgan Chase and at least one other bank during incidents that the FBI is investigating as Russia’s response to U.S.-sponsored sanctions.

In one case, the attackers exploited a "zero-day" vulnerability, a software flaw, in a bank website.

“They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers,” Bloomberg reports. “The incidents occurred at a low point in relations between Russia and the West.”

Russian troops continue crowding the Ukrainian border and the West continues imposing sanctions against Russian companies, including key banks.

Gigabytes of sensitive data have been lost as a result of the cyber offensive.

In at least one of the situations, the hackers grabbed data from the files of bank employees, including executives. Some data related to customers may also have been accessed.

Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also tied to the incident.

Technical indicators extracted from the banks’ computers provide some evidence of a government link.

“Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe,” Bloomberg reports.

In April, JPMorgan was rebuked when it blocked a payment from a Russian embassy to the affiliate of a U.S.-sanctioned bank. Russia’s foreign ministry called the move “illegal and absurd.” 

Sector: Financial Services
Reported: August 27, 2014
Reported by: Bloomberg
Number affected: Unknown
Location of breach: New York, United States
Perpetrators: Russian Hackers
Location of perpetrators: Eastern Europe
Date breach occurred: mid-August 2014
Date breach detected: Unknown