A case of stolen credentials. The perfect storm.
Last month, hackers stole more than $100 million from Bangladesh’s account at the Federal Reserve Bank of New York. They had been remotely monitoring activity at the South Asian nation’s central bank for several weeks, and they may also have breached as many as 32 computers at the bank. In a sophisticated and coordinated cyberattack, the criminals, posing as Bangladeshi central bank officials, sent dozens of secure messages to the New York Fed, which then transferred funds belonging to Bangladesh from the Fed to bank accounts in the Philippines and Sri Lanka.
The hackers introduced malware into the Bangladesh bank’s server, allowing them to process and authorize the transactions. Yikes! The cybercriminals deployed hacking tools, including keylogger software that records keystrokes, to steal Bangladesh Bank’s credentials for the SWIFT system, a closed network used by financial institutions around the world to authorize financial transactions through secure messages.
SWIFT is asking its customers to review their internal security in light of the breach of Bangladesh’s central bank. SWIFT continues to state that the network itself was not breached.
The identified malware apparently had advanced command-and-control features and was specifically designed for a targeted attack on Bangladesh Bank, operating on SWIFT Alliance Access (SAA) servers, the interface the central bank uses to access the SWIFT network. The FBI has joined the investigation.