Second hacker group targets SWIFT users, Symantec warns

  • Wednesday, 12 Oct 2016


Cyber-security firm Symantec Corp said on Oct 11 that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded US$81mil (RM338.97mil) in the high-profile February attack on Bangladesh's central bank.

Symantec said that a group dubbed Odinaff has infected 10 to 20 organisations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.

Symantec's research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise.

SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, Britain and Ukraine.

Symantec said it would share technical information about Odinaff with banks, governments and other security firms.

The company in May said it believed the Bangladesh heist was carried out by a group known as Lazarus, which was also responsible for attacks on SWIFT customers in South-East Asia as well as the 2014 hack of Sony Pictures Entertainment.

The US Government has blamed North Korea for the Sony attack.

Symantec researcher Eric Chien said his firm has not confirmed that North Korea was behind Lazarus, but that the high level of sophistication of its work suggests involvement by a nation state.

Odinaff, on the other hand, appears to be a financially motivated criminal group, not a nation state, he added.

SWIFT spokeswoman Natasha de Terán said that the messaging cooperative's customer security intelligence team had sent a warning about Odinaff's activities to its members in the early summer.

That warning included technical indicators to help thwart potential attacks and a description of the group's habits, Terán said.

Symantec said it believed that Odinaff is linked to Carbanak, a hacking group that has been targeting banks and merchant point-of-sale systems since at least 2014.

The two groups employ similar tactics in carrying out attacks and have used the same IP addresses to connect to their servers, according to Symantec. — Reuters
