Malware Links Bangladesh Bank Heist to Sony Hack, Find Researchers

Researchers have linked malware behind a heist at the Bangladesh Bank earlier this year to malicious software used in the 2014 Sony hack.

In late April, the British defense contractor BAE Systems disclosed its belief that attackers had used “evtdiag.exe,” a malicious program its security researchers originally found in a malware repository, to infiltrate Bangladesh Bank’s computer system back in February.

The Bangladesh Bank (Source: Reuters UK)

The malware is designed to make a slight alteration to Access Alliance software in SWIFT, a secure messaging service provider for Bangladesh Bank and 11,000 other financial organizations all over the world.

BAE believes the attackers leveraged evtdiag.exe to modify a database at the Bank, acquiring the ability to monitor incoming transfer records as well as remove traces of the money orders they made.

In total, the attackers attempted to fraudulently transfer one billion dollars out of the bank. Other routing banks and the Federal Reserve eventually canceled all but four orders; those four amounted to $81 million.

Bangladesh Bank is currently working to recover its lost monies.

In the meantime, researchers at BAE have published a report in which they explain that evtdiag.exe bears “the same unique characteristics” as software used in “Operation Blockbuster,” an attack campaign that dates back to at least 2009 and which includes the 2014 incident where attackers breached the computer systems at Sony Pictures Entertainment.
