The malware used to steal $81 million from Bangladesh Bank has links to the 2014 attack on Sony Pictures Credit: TaxCredits.net Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year. Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam. Symantec confirmed the earlier findings of researchers from BAE Systems who found code similarities between the Bangladesh Bank malware, which was used to modify SWIFT transfers, and the malicious program used in attacks against Sony Pictures Entertainment in December 2014. The U.S. government attributed the Sony attack to North Korea. FBI Director James Comey said last year he had “very high confidence” in that attribution despite denials from the North Korean government and the skepticism of some security researchers. The hacker group behind the Sony attack is known in the computer security industry as Lazarus and has been active since at least 2009, primarily targeting organizations from the U.S. and South Korea. One of the malware programs in the group’s toolset is called Backdoor.Contopee. “Symantec has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee,” the Symantec researchers said in a blog post. Backdoor programs provide unauthorized access to a computer, but their presence doesn’t necessarily reveal the attackers’ end goal. However, the motivation for those targeted attacks became clearer when similar code was found in Trojan.Banswift, which was used in the Bangladesh attack to manipulate SWIFT transactions, and earlier versions of Backdoor.Contopee, the researchers said. The primary link is a portion of code that wipes files using a unique routine. It is shared by Trojan.Banswift and Backdoor.Contopee. The file-wiping code has not been found in other malware programs, and Backdoor.Contopee was used by Lazarus in targeted attacks against banks in the region. Those connections led the Symantec researchers to believe Trojan.Banswift was also created by the same group. “The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” the Symantec researchers say. The announcement comes after a Bloomberg report that up to a dozen banks from Southeast Asia have hired security firm FireEye to investigate potential security breaches and SWIFT irregularities on their networks. Related content news Google Cloud issue blamed for UniSuper week-long service disruption A misconfiguration during provisioning triggered a previously unknown software bug, causing the deletion of UniSuper’s Private Cloud. By Elizabeth Montalbano May 08, 2024 4 mins Cloud Computing Data Center news IBM Power server targets AI workloads at the edge The Power S1012 server can be deployed in edge computing sites so IT teams can run AI inferencing workloads at the point of data and cut back on data transfers. By Michael Cooney May 08, 2024 3 mins Edge Computing Servers Data Center news HPE Aruba looks to fight AI threats with AI weapons HPE Aruba Networking Central gains AI-powered security observability and monitoring features. By Michael Cooney May 07, 2024 4 mins IoT Security Network Security news AI features boost Cisco's Panoptica application security software Cisco pads cloud-native security platform Panoptica with features that help customers protect containerized, microservice applications. By Michael Cooney May 07, 2024 5 mins Network Security Cloud Computing PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe