Fourth bank hacked by SWIFT hackers

A fourth bank, this time in the Philippines, was attacked by hackers targeting the SWIFT interbank system.

Symantec's security researchers say it is the same group that carried out the famous 81-dollar robbery at Bangladesh's central bank last February, and another 2015 attack in the Philippines.

The same group of hackers was also accused of the XMUMX theft of millions of dollars from Ecuador's Banco del Austro SA, in which they again managed to break into the SWIFT system. The suspicions appear to be well founded: the same malware was used in all of the hacks mentioned above, which suggests that the same group is behind them, according to Symantec.

Symantec has identified three pieces of malware used in targeted attacks against the financial industry in Southeast Asia: Backdoor.Fimlis, Backdoor.Fimlis.B and Backdoor.Contopee.

It is not yet clear what the motives behind these attacks are, but Trojan.Banswift (used in the Bangladesh attack to manipulate the SWIFT system) and the Backdoor.Contopee variants share common code.

All of the above malware also share a common practice: they delete code to cover up the bank attacks and their tracks in general. This particular practice matches the one used in the Sony Pictures attacks, according to Symantec researchers.

Symantec believes that the malicious code shared among the malware, together with the fact that Backdoor.Contopee has been used in limited targeted attacks against financial institutions in the region, means that these tools can be attributed to the same hacking team.

Backdoor.Contopee has been used in the past by attackers associated with a group known as Lazarus. The Lazarus group has been linked to a series of attacks in 2009, largely focused on targets in the US and South Korea. The group was linked to Backdoor.Destover, a particularly destructive Trojan that even prompted the FBI to issue a warning after it was used in an attack against Sony Pictures. The FBI then concluded that North Korea was responsible for this attack.

How deep is the rabbit hole?

There are indications that the attacks on SWIFT (Society for Worldwide Interbank Financial Telecommunication) began in October of 2015, with the bank in the Philippines being the first victim, two months before the discovery of a failed attack on Tien Phong Bank in Vietnam.

Some of the tools used against the Philippine bank share many code similarities with tools used by Lazarus, the team behind the Sony Pictures hack. The US government has repeatedly blamed North Korea for the November 2014 Sony Pictures hack.

Symantec's findings point once again to North Korea.

iGuRu.gr, The Best Technology Site in Greece


Written by giorgos
