Security researchers say a rare piece of code used in February’s $81 million cyberattack on the Bangladesh Central Bank was previously used in the devastating attack on Sony Pictures in 2014, an attack the FBI says was carried out by North Korea.
Researchers at Symantec published their findings Thursday, revealing the malware was connected to a hacking group known as Lazarus, which has been linked to “a string of aggressive attacks” since 2009, largely focused on targets in the U.S. and South Korea. The group is also linked to a related piece of malware the FBI says was used in the Sony Pictures attack, which the FBI attributed to state-sponsored hackers based in North Korea.
The researchers said the Lazarus group is also linked to an attack on the Tien Phong Bank in Vietnam, where hackers tried to steal more than $1 million, and revealed that the hackers had attempted to use the same malware in attacks on a bank in the Philippines — providing “evidence that the group involved is conducting a wide campaign against financial targets in the region.”
The name of the bank in the Philippines allegedly attacked has not been revealed, and Nestor Espenilla, the Philippines central bank’s deputy governor, told Reuters no money had been stolen from any bank in the country — though he did not rule out cyberattacks.
Swift, which is a global payment network used by banks to transfer billions of dollars around the world every day, has issued a warning to customers to increase security measures after it said it had become aware of “a number of recent cyber incidents” where attackers had sent fraudulent messages over its system.
Symantec’s research is not the first to link the attack on the Bangladesh Central Bank. Earlier this month researchers at BAE Systems, Europe’s largest weapons-maker, which also has a significant cybersecurity business, said: “What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign.”
If North Korea was behind the attack on the Bangladesh Central Bank, then this would mark a watershed moment in campaigns carried out by hackers backed by governments, who until now have limited themselves to cyberespionage activities. “We’ve never seen an attack where a nation-state has gone in and stolen money,” Eric Chien, a security researcher at Symantec, told the New York Times. “This is a first.”
The devastating attack on Sony Pictures, which began in December 2014, saw the studio’s internal computer system crippled and led to the publication of a huge trove of internal documents and emails, many of which embarrassed the company and its executives.
An anonymous group of hackers calling itself Guardians of Peace claimed responsibility for the attack, demanding Sony Pictures pull its film “The Interview,” a comedy starring James Franco and Seth Rogen revolving around a plot to kill North Korean leader Kim Jong Un.
While the FBI has officially accused North Korea of carrying out the attack, North Korea has consistently denied the accusations and doubts remain among security experts as to who was responsible, with some speculating Russian hackers carried out the attack.