Reuters – Malware suspected in the Bangladesh central bank heist

Investigators suspect the attackers behind the Bangladesh central bank ‘s hack have used a malware to gather information for the Fed’s heist.

One of most intriguing stories this week is the hack of the Bangladesh account at the Federal Reserve Bank of New York.

The Bangladesh’s Finance Minister Abul Maal Abdul Muhith accused the U.S. Federal Reserve of the theft of at least $81 million stolen from the Bangladesh’s account.

The central bank of Bangladesh declared the funds had been stolen from an account by hackers, the experts had traced some of the missing funds in the Philippines.

In reality the hackers tried to steal much more, they tried to complete dozens of transfers for an overall amount of $850 million.

What happened?

While investigators are collecting evidence on the alleged hack, security experts made some speculation on the incident. It is likely hackers breached Bangladesh Bank in early February stealing credentials for payment transfers, then they used the credentials to order transfers out of a Federal Reserve Bank of New York account held by Bangladesh Bank.

Anyway it is a complex hack, the attackers had a deep knowledge about Bangladesh Bank’s procedures for ordering transfers, likely they spied on Bangladesh Bank staff to gather the information.

According to the Reuters, investigators believe hackers alleged used a malware to infect systems at the Bangladesh central bank. Two bank officials told to the Reuters that the attackers infiltrated the computer systems for weeks gathering information on the internal operation to use in the attack later.

“Investigators suspect that malicious software code, often referred to as malware, which allowed hackers to learn how to withdraw the money could have been installed several weeks before the incident, which took place between Feb. 4 and Feb. 5, said Bangladesh Bank officials briefed on the matter.” reported the Reuters.

The authorities hired the FireEye Inc’s Mandiant forensics division to investigate the cyber heist.

It is likely attackers have stolen the Bangladesh Bank’s credentials for the SWIFT messaging system, a network used by financial institutions and private corporates to authorize transfer financial transactions through a ‘financial message’.

“SWIFT and the Central Bank of Bangladesh are working together to resolve an internal operational issue at the central bank. SWIFT’s core messaging services were not impacted by the issue and continued to work as normal.” reads a statement issued on Friday by the SWIFT.

The incident could have serious repercussions on the way central banks worldwide operates, they need to review their processes and systems in order to prevent other attacks.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – US Federal Reserve, Bangladesh central bank)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.