BRUSSELS – A new cyberattack has been made against an unnamed bank, part of a co-ordinated campaign that follows February’s theft of $101 million from the Bangladesh central bank, the international money transfer supervisor Swift said Friday.
Belgium-based Swift said Friday that attackers had used malware to target a PDF reader at a bank, which it did not name, allowing them to transfer money and tamper with bank documents.
It did not say whether any money was taken but urged clients to urgently review their security systems.
Swift said forensic experts believe the use of the malware is “not a single occurrence, but part of a wider and highly adaptive campaign targeting banks.”
It underlined that the Swift system, which connects more than 11,000 banking and securities organizations as well as other clients moving billions each year, had not been compromised by the malware.
Swift said “the attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks.”
It said that know-how “may have been gained from malicious insiders or cyberattacks, or a combination of both.”
In February, cyberattackers stole $101 million from the Bangladesh central bank’s account in the Federal Reserve Bank of New York.
Bangladeshi investigators say that at least 20 foreigners were involved. They said the suspects were identified after investigators visited Sri Lanka and the Philippines, where the stolen money was transferred. Sri Lanka intercepted $20 million transferred there and returned it to Bangladesh.