North Korea Suspected of $81m Cyberheist from Bangladesh Account

Published: 27 March 2017


Federal Reserve Bank of New York (Photo: Beyond My Ken)

By Jonny Wrate

U.S. federal prosecutors are investigating North Korea’s role in the attempted theft of nearly US$ 1 billion from the Central Bank of Bangladesh in February 2016.

Security researchers found a rare piece of code used in the theft that also appeared in the 2014 hacking attack on Sony Pictures, the New York Times reported on Sunday.

Deputy director of the NSA, Richard Ledgett, said last week that "if that linkage is true, that means a nation-state is robbing banks. That is a big deal."

Had the theft succeeded, it would have amounted to almost 10 percent of the country’s GDP and would have deprived Bangladesh of two-thirds of what it had in its New York Fed account.

Hackers used the Bangladeshi bank’s credentials for SWIFT, a global payment messaging system, to authorize the transfer of US$ 951 million from its account at the Federal Reserve Bank of New York to a number of accounts in the Philippines.

A total of 70 payment orders were submitted in just a few hours, often with spelling and formatting errors. They included vague fees for forest conservation, consultancy and US$ 30 million for "ineligible expenses." Many of the orders were rejected, but the attackers were still able to transfer US$ 81 million to individuals in Manila.

The Philippines Senate said the individuals marked as beneficiaries of the money don’t exist.

Investigators believe the same group of hackers used the SWIFT service to attack banks in Vietnam and Ecuador.

In October 2016, hackers associated with North Korea, known as the Lazarus group, attempted to steal from over 20 Polish banks in a "watering-hole" attack, in which the victims download malware, and also attempted the same in Mexico and Uruguay.

According to cybersecurity firm Symantec, the trail of information left behind from the attack in Poland suggests that the hackers planned to target over 100 organizations around the world, including the World Bank, the European Central Bank and Bank of America.