As if an $81 million bank heist wasn’t spectacular enough, it now appears that the crime may mark the first time one country has used malicious code to steal money from another country.
The link to North Korea was made by security researchers at the firm Symantec. In looking into the attack on the bank in Bangladesh, the researchers found a rare piece of code that has only ever been found in two other hacker attacks: one on Sony Pictures in December 2014, and one on media companies in South Korea in 2013. The FBI has said North Korea was responsible for the Sony Pictures attack.
In a blog post, the Symantec researchers write about the hacker code that was common to the bank heists and the Sony Pictures hack:
“Backdoor.Contopee has been previously used by attackers associated with a broad threat group known as Lazarus. Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea. The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack.”
The New York Times quotes Eric Chien with Symantec: “If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea.”
Researchers with Symantec and the British defense contractor BAE Systems both now say they see links between the Bangladesh bank heist and cyber-attacks on banks in Vietnam and Ecuador. In all 3 attacks on those banks, the hackers were able to compromise the security of what’s known as the SWIFT messaging system – what was thought to be the world’s most secure system for sending orders for financial transactions.