Symantec traces Swift banking hacks to North Korea

A recent spate of successful and attempted online bank robberies is being attributed to North Korea by cybersecurity vendor Symantec.

Image copyright: David Carillet / Shutterstock

Security firm Symantec has linked the hackers who stole $81 million from a bank in Bangladesh to the 2014 hack of Sony Pictures Entertainment, which President Obama blamed on North Korea. The revelation comes as Congress probes the Federal Reserve on what it is doing to protect against such malware-enabled attacks on the financial system.

The February cyberheist of Bangladesh's central bank turned heads in part because hackers were able to manipulate SWIFT (Society for Worldwide Interbank Financial Telecommunication), a widely used financial system. Symantec researchers say they have found evidence that the same criminal group hit a bank in the Philippines, and attempted to steal $1.1 million from a bank in Vietnam.

One of the pieces of malware used in the targeted attacks on Southeast Asian banks has been used by Lazarus, a hacking group that has targeted U.S. and South Korean assets, Symantec said. Lazarus has been linked to a "highly destructive" malicious program that was used in the Sony Pictures hack, Symantec said in a blog post.

The cyber theft at Bangladesh's central bank involved siphoning funds from an account at the Federal Reserve Bank of New York. In response to the attack, Sen. Tom Carper, (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, sent a letter to New York Fed President William Dudley asking whether the Federal Reserve plans to update its cybersecurity policies. Carper requested a response by mid-June; a spokesperson said the senator had yet to receive one.

The FBI's evidence that North Korea was involved in the Sony Pictures attack included specific code and encryption algorithms. The Obama administration imposed sanctions on North Korea officials in retaliation. 

Confirmation that North Korea was behind the SWIFT attacks would be evidence of the rogue state's ability to exploit cyberspace for asymmetric advantage.

"The North Korean government has used crime as a way to make hard cash for years – they're the best in the world at counterfeiting $100 bills," James Lewis, senior fellow at the Center for Strategic and International Studies, told FCW. "So it's no surprise that as their cyber capabilities have gotten better they've turned to hacking as another way to make money."