A fourth bank hacked by the SWIFT hackers

A fourth bank, this time in the Philippines, has been attacked by the hackers who target the SWIFT interbank transfer system.

Symantec's security researchers say it is the same group that carried out the famous 81-dollar robbery at Bangladesh's central bank last February, and another 2015 attack in the Philippines.

The same group of hackers had also been accused of stealing 12 million dollars from the Ecuadorian bank Banco del Austro SA, where they again managed to breach the SWIFT system. The suspicions appear to be well founded: the same malware was used in all of the aforementioned hacks, which suggests that the same group is behind them, according to Symantec.

Symantec has identified three pieces of malware used in targeted attacks against the financial industry in Southeast Asia: Backdoor.Fimlis, Backdoor.Fimlis.B and Backdoor.Contopee.

It is not yet clear what the motives behind these attacks are, but there is shared code between Trojan.Banswift (used in the Bangladesh attack to manipulate the SWIFT system) and variants of Backdoor.Contopee.

All of the above malware also follows a common practice: it deletes the malicious code to cover up the bank attacks and its traces in general. This practice is the same as the one used in the Sony Pictures attacks, according to Symantec researchers.

Symantec believes that the malicious code shared among the malware, and the fact that Backdoor.Contopee has been used in limited targeted attacks against financial institutions in the region, mean that these can be attributed to the same hacking group.

Backdoor.Contopee has been used in the past by attackers associated with a group known as Lazarus. The Lazarus group has been linked to a number of attacks since 2009, which were largely focused on targets in the US and South Korea. The group was linked to Backdoor.Destover, a particularly destructive Trojan that even prompted the FBI to issue a warning after it was used in an attack on Sony Pictures Entertainment. The FBI then came to the conclusion that the North Korean government was responsible for this attack.

How deep is the rabbit hole?

There are indications that attacks on SWIFT (Society for Worldwide Interbank Financial Telecommunication) began as early as October 2015, with the bank in the Philippines being the first victim, two months before the failed attack on the Tien Phong Bank in Vietnam.

Some of the tools used against the Philippine bank have code very similar to the malicious code used by Lazarus, the group behind the Sony Pictures hack. The US government has repeatedly blamed North Korea for the November 2014 Sony Pictures hack.

Symantec's findings point once again to North Korea.

iGuRu.gr The Best Technology Site in Greece

Written by giorgos
