Cybersecurity experts said malware used to steal millions of dollars from the Bank of Bangladesh contains evidence suggesting the North Korean government may be responsible for that hack and others.
Symantec and FireEye, two of the top cybersecurity firms in the United States, stated separately Thursday that whoever stole $81 million from Bangladesh’s central bank in February did so using malware similar to what was recently deployed against financial institutions in southeast Asia, including a bank in the Philippines.
Malware used in those attacks contained computer code that Symantec has previously attributed to a group of hackers the security firm calls “Lazarus” — the same group blamed by the company for waging an attack in 2014 against Sony Pictures Entertainment that resulted in millions of dollars of losses for the movie company.
While neither firm concluded with certainty that North Korean hackers are responsible for the recent wave of cyberattacks waged against the global financial sector, Symantec and FireEye acknowledged the similarities between malware deployed against the various banks.
Distinctive code used in multiple attacks against regional banks “means these tools can be attributed to the same group,” Symantec said in a blog post.
“If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea,” Symantec security researcher Eric Chien told The New York Times Thursday. “We’ve never seen an attack where a nation-state has gone in and stolen money.”
Marshall Heilman, vice president for Mandiant, FireEye’s parent company, told Reuters that the hackers behind the massive $81 million Bank of Bangladesh heist were believed to be responsible for a rash of similar attacks across the region.
“There is a group operating in southeast Asia that definitely understands the bank industry and is at more than one location,” Mr. Heilman said Friday.
Mr. Chien told Reuters that a “pretty hard connection” exists to link the bank hackers to the Sony hack, which the U.S. government has blamed on Pyongyang.
• Andrew Blake can be reached at ablake@washingtontimes.com.