Second bank hit by malware attack, says Swift
Swift warns of sophisticated cyber-attack on second bank after the Bangladesh heist
Swift, the global financial messaging network, has revealed a second bank has suffered a malware-based attack, similar to the $81m cyber-heist at the Bangladesh central bank in February this year.
It has been reported that the hackers used malware, called "Trojan PDF reader", to target a PDF reader used by the customer to check its statement messages, but whether any money has been stolen or if the bank's computer systems were compromised, has not been confirmed.
Swift spokeswoman, Natasha de Teran, confirmed the attack to Reuters but refused to name the bank involved but revealed a commercial institution has been targeted.
She added that the attacks had a "deep and sophisticated knowledge of specific operational controls" at the banks and touted the idea that the heist was aided by "malicious insiders or cyber-attacks, or a combination of both."
According to Reuters, forensic experts said the second case showed that the Bangladesh heist "was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks."
A UK-based security firm, BAE Systems, said it believes the second victim is a commercial bank in Vietnam, however this theory has not been confirmed. BAE Systems is not investigating the attack, but in a blog post the company said it has analysed code samples from the Bangladesh hack, this second hack and the Sony Pictures attack which occurred in 2014. BAE indicates the hackers may be responsible for all three attacks.
The Swift (Society for Worldwide Interbank Financial Telecommunication) system is a global messaging network used by 11,000 financial organisations to communicate securely and is used to move billions of dollars every day. The thought that its core system has been breached would put every associated institution on high alert.