
Two bytes to $951m

In February 2016 one of the largest cyber heists was committed and subsequently disclosed. An unknown attacker gained access to the Bangladesh Bank’s (BB) SWIFT payment system and reportedly instructed an American bank to transfer money from BB’s account to accounts in the Philippines. The attackers attempted to steal $951m, of which $81m is still unaccounted for.
 
The technical details of the attack have yet to be made public; however, we’ve recently identified tools uploaded to online malware repositories that we believe are linked to the heist.
 
The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local SWIFT Alliance Access software running in the victim infrastructure. 
 
This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers’ tracks as they sent forged payment instructions to make the transfers. This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place. 
 
The tools are highly configurable and, given the correct access, could feasibly be used for similar attacks in the future...
 
 
 
BAE Systems, Threat Research Team 26 April 2016