Security investigators linked thefts from banks in Asia, including the $81 million stolen from the central bank of Bangladesh in February, to a hacking group in North Korea.
The research firm Symantec has been looking into the Bangladesh bank heist, and on Thursday it posted on its blog that code similar to that used to steal Bangladesh’s millions was also used to hack a bank in the Philippines, as well as in a failed attempt on a bank in Vietnam last year. The code, Symantec said, has also been linked to the 2014 hack of Sony Pictures’s emails.
Investigators say the malware the thieves used shared similarities with the code used by a hacking group known as Lazarus. The FBI has linked this group to the Sony hacks, and those hacks to North Korea. That group has also been tied to attacks as far back as 2009, which mainly focused on the U.S. and South Korea, but it is also believed to be responsible for hacks in countries all over the world, such as the theft of $12 million from an Ecuadoran bank last year.
The hackers broke into the banks by infiltrating the industry’s global messaging system, SWIFT. The system is run by the world’s largest banks, is based in Brussels, and prides itself on security.
The New York Times adds:
North Korea’s economy has been ravaged by sanctions, food shortages and other deprivations. Pyongyang does not publish economic data, but estimates have put North Korea’s gross domestic product between $12 billion and $40 billion, tiny when compared with South Korea’s economic output of more than $1.4 trillion.
An expert quoted by the Times said: “If you presume it’s North Korea, $1 billion is almost 10 percent of their G.D.P. This is not small change for them.”
Since investigators learned how hackers stole Bangladesh’s money, banks that had kept similar heists quiet have come forward: Just last week, it was revealed in a lawsuit that the Banco del Austro in Ecuador was targeted, as well.