The malware used to steal $81 million from Bangladesh Bank has links to the 2014 attack on Sony Pictures Credit: TaxCredits.net Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of US$81 million from the Bangladesh central bank earlier this year. Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam. Symantec confirmed the earlier findings of researchers from BAE Systems who found code similarities between the Bangladesh Bank malware, which was used to modify SWIFT transfers, and the malicious program used in attacks against Sony Pictures Entertainment in December 2014. The U.S. government attributed the Sony attack to North Korea. FBI Director James Comey said last year he had “very high confidence” in that attribution despite denials from the North Korean government and the skepticism of some security researchers. The hacker group behind the Sony attack is known in the computer security industry as Lazarus and has been active since at least 2009, primarily targeting organizations from the U.S. and South Korea. One of the malware programs in the group’s toolset is called Backdoor.Contopee. “Symantec has identified three pieces of malware which were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee,” the Symantec researchers said in a blog post. Backdoor programs provide unauthorized access to a computer, but their presence doesn’t necessarily reveal the attackers’ end goal. However, the motivation for those targeted attacks became clearer when similar code was found in Trojan.Banswift, which was used in the Bangladesh attack to manipulate SWIFT transactions, and earlier versions of Backdoor.Contopee, the researchers said. The primary link is a portion of code that wipes files using a unique routine. It is shared by Trojan.Banswift and Backdoor.Contopee. The file-wiping code has not been found in other malware programs, and Backdoor.Contopee was used by Lazarus in targeted attacks against banks in the region. Those connections led the Symantec researchers to believe Trojan.Banswift was also created by the same group. “The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” the Symantec researchers say. The announcement comes after a Bloomberg report that up to a dozen banks from Southeast Asia have hired security firm FireEye to investigate potential security breaches and SWIFT irregularities on their networks. Related content news UK court scrutinises legality of mainframe to cloud application migration technology IBM suing is LzLabs over reverse-engineering claims. By John Leyden Apr 29, 2024 3 mins Mainframes Technology Industry feature 7 tips for deploying Wi-Fi 6E The enhanced version of Wi-Fi 6 uses 6GHz frequency band for dense, high-traffic applications. By Eric Geier Apr 29, 2024 7 mins Wi-Fi Network Security Networking news Sovereign cloud demand booms in APAC amid geopolitical tensions Global spending on sovereign cloud solutions is expected to surpass $250 billion by 2027, according to IDC. By Gyana Swain Apr 29, 2024 4 mins Cloud Computing news Hitachi Vantara launches unified storage platform Virtual Storage Platform One provides on-premises and cloud storage of both structured and unstructured data. By Andy Patrizio Apr 26, 2024 2 mins Enterprise Storage Data Center PODCASTS VIDEOS RESOURCES EVENTS NEWSLETTERS Newsletter Promo Module Test Description for newsletter promo module. Please enter a valid email address Subscribe