Odinaff – the latest and newest threat.
Symantec Corp announced that a second hacking group has sought to rob banks using fraudulent SWIFT messages, the same approach that yielded $81 million in the high-profile February attack on Bangladesh’s central bank. The cyber-security firm reported that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.
SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank, noting that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine. Symantec said it would share technical information about Odinaff with banks, governments and other security firms.
The company in May said it believed the Bangladesh heist was carried out by a group known as Lazarus, which was also responsible for attacks on SWIFT customers in Southeast Asia as well as the 2014 hack of Sony Pictures Entertainment. The U.S. government has blamed North Korea for the Sony attack.
Symantec did not confirm that North Korea was behind Lazarus, but said that the high level of sophistication of its work suggests involvement by a nation state. Odinaff appears to be a financially motivated criminal group. SWIFT warned its members in the early summer about Odinaff’s activities. Symantec said it believed that Odinaff is linked to Carbanak, a hacking group that has been targeting banks and merchant point-of-sale systems since at least 2014.
The Odinaff attackers use a variety of methods to break into the networks of targeted organizations. One of the most common is a lure document containing a malicious macro. If the recipient opts to enable macros, the macro installs the Odinaff Trojan on their computer.
The discovery of Odinaff indicates that banks are at a growing risk of attack. Over the past number of years, cybercriminals have begun to display a deep understanding of the internal financial systems used by banks. They have learned that banks employ a diverse range of systems and have invested time in finding out how they work and how employees operate them. Coupled with the high level of technical expertise available to some groups, this knowledge means they now pose a significant threat to any organization they target.