Bangladesh heist hackers compromised SWIFT software – report
BAE researchers told Reuters they detected the malware the cybercriminals used to manipulate the SWIFT client software known as Alliance Access.
"I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile," Adrian Nish, BAE's head of threat intelligence, said.
Nish added that even though the malware was written exclusively to attack the Bangladesh Central Bank, cybercriminals may use the same pattern in the future.
Investigators of the case have said the hackers used stolen credentials from Bangladesh Bank computers to log into the SWIFT system. The new research shows the SWIFT software was allegedly compromised to hide the tracks of fraudulent transfers.
SWIFT confirmed to Reuters that it knew about the malware targeting its client software. According to spokeswoman Natasha Deteran, SWIFT plans to release a software update on Monday to block the malware, and will send a special warning to financial institutions.
Deteran added that "the malware has no impact on SWIFT’s network or core messaging services."
In February, the hackers attempted to steal $951 million from the Bangladesh central bank's account at the US Federal Reserve Bank of New York. While the majority of the payments were blocked, they managed to get access to $81 million, which was traced to the Philippines.
The requests for money transfers looked real to the Fed. They appeared to be coming from a Bangladesh server, and the criminals used the correct bank codes to authenticate the transfers.
SWIFT’s messaging services are used by about 11,000 financial institutions in more than 200 countries. In 2014, it processed 25.6 billion financial messages.