The malware used to steal $81 million from Bangladesh Bank has links to the 2014 attack on Sony Pictures Credit: TaxCredits.net Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year. Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam. Symantec confirmed the earlier findings of researchers from BAE Systems who found code similarities between the Bangladesh Bank malware, which was used to modify SWIFT transfers, and the malicious program used in attacks against Sony Pictures Entertainment in December 2014. The U.S. government attributed the Sony attack to North Korea. FBI Director James Comey said last year he had “very high confidence” in that attribution despite denials from the North Korean government and the skepticism of some security researchers. The hacker group behind the Sony attack is known in the computer security industry as Lazarus and has been active since at least 2009, primarily targeting organizations from the U.S. and South Korea. One of the malware programs in the group’s toolset is called Backdoor.Contopee. “Symantec has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee,” the Symantec researchers said in a blog post. Backdoor programs provide unauthorized access to a computer, but their presence doesn’t necessarily reveal the attackers’ end goal. However, the motivation for those targeted attacks became clearer when similar code was found in Trojan.Banswift, which was used in the Bangladesh attack to manipulate SWIFT transactions, and earlier versions of Backdoor.Contopee, the researchers said. The primary link is a portion of code that wipes files using a unique routine. It is shared by Trojan.Banswift and Backdoor.Contopee. The file-wiping code has not been found in other malware programs, and Backdoor.Contopee was used by Lazarus in targeted attacks against banks in the region. Those connections led the Symantec researchers to believe Trojan.Banswift was also created by the same group. “The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” the Symantec researchers say. The announcement comes after a Bloomberg report that up to a dozen banks from Southeast Asia have hired security firm FireEye to investigate potential security breaches and SWIFT irregularities on their networks. Related content analysis HPE Aruba boosts Wi-Fi 7 AP capacity, eases IoT network management New 700 series Wi-Fi 7 access points from HPE Aruba offer faster performance, improved IoT and location capabilities, and twice as much SDRAM and flash memory for local data processing. By Michael Cooney Apr 23, 2024 4 mins Wi-Fi Network Security Networking brandpost Sponsored by Zscaler Legacy firewalls and VPNs still not up to par when stopping attacks Zero trust leaves the weaknesses of perimeter-based, network-centric, firewall-and-VPN architectures in the past. By Zscaler Apr 23, 2024 6 mins Network Security news Networking among tech roles forecast for growth in 2024 In the U.S., tech occupation employment is projected to increase by 203,125 jobs, or 3.5%, in 2024, according to CompTIA. By Denise Dubie Apr 23, 2024 3 mins Certifications IT Jobs IT Skills news European trade body lashes out at Broadcom’s VMware licensing changes CISPE said the economic viability of many cloud services utilized by customers in Europe is threatened by “the massive and unjustifiable hikes in prices, the re-bundling of products, the altered basis of billing.” By Prasanth Aby Thomas Apr 23, 2024 5 mins Technology Industry Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe