Symantec: SWIFT attackers' malware also used in PH bank attack
MANILA, Philippines – Security software company Symantec reported Thursday, May 26, that an unnamed bank in the Philippines was also attacked by the group that took $81 million from Bangladesh's central bank.
The same software was also used in an attempt to steal over $1 million from Vietnam's Tien Phong Bank.
According to Symantec's report, some of the tools used in the targeted attacks share similarities in code with malware used in other attacks linked to the group known as Lazarus.
These attacks can be traced back to around October 2015 – two months before the failed Vietnam attack, which was previously seen as the earliest known incident.
An analysis of 3 pieces of malware – Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee – showed code sharing between early variants of Backdoor.Contopee and Trojan.Banswift, which was used in the Bangladesh attack. Symantec thus believes, as a result of the code sharing and the usage of the malware, that the tools can be attributed to the same group of attackers.
Symantec also said Backdoor.Contopee was previously used by attackers associated with the Lazarus threat group.
It added: "Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea. The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack."
Symantec believes the group is conducting a "wide campaign against financial targets in the region," and reminds banks and other financial institutions to be vigilant. – Rappler.com