

(Technical details of the attack are contained not only in cyber threat intelligence reporting but also in the Department of Justice’s indictment of North Korean hacker Park Jin Hyok.)
TROVE HACKS 2017 SERIES
In February of 2016, thirty-five fraudulent orders were sent over the SWIFT network, a telecommunications system linking financial institutions that is used to exchange information on transactions, to transfer a total of US $1 billion from the Bangladesh Bank’s account with the New York Federal Reserve Bank. Thirty of those orders were stopped for review and cancelled, but five orders totaling US $101 million were completed. US $20 million was transferred to a company in Sri Lanka, while US $81 million was routed to the Rizal Commercial Banking Corporation (RCBC) in the Philippines.

The attack was attributed to members of North Korea’s Bureau 121, also known as Lazarus Group, Bluenoroff, APT38, and several other names. The attackers may have begun planning the February 2016 heist in October of 2014 when, according to FireEye, the North Korean hackers first began conducting online research on banks in Bangladesh. By January 2015 attention had turned to the Bangladesh Bank, and the first phishing emails were sent the next month. A series of phishing email campaigns and escalations targeting the Bangladesh Bank with malware resulted in access to the SWIFTLIVE system by January 2016, paving the way for the next month’s attack.
