Connect with us

Hi, what are you looking for?



Second SWIFT Attack Hits Vietnam Bank Showing Links to Sony Hack

At a financial conference in Frankfurt, Thursday, SWIFT’s chief executive Gottfried Leibbrandt told the audience that the $81 million theft from the Bangladesh central bank’s New York account “was from our perspective a customer fraud.” He added, “I don’t think it was the first, I don’t think it will be the last.”

At a financial conference in Frankfurt, Thursday, SWIFT’s chief executive Gottfried Leibbrandt told the audience that the $81 million theft from the Bangladesh central bank’s New York account “was from our perspective a customer fraud.” He added, “I don’t think it was the first, I don’t think it will be the last.”

On the same day the New York Times reported that it had seen a letter SWIFT plans to share with its users today “on a secure part of its website.” This letter warns of a second breach that has manipulated the SWIFT network.

The attack was apparently on an unnamed commercial bank in Vietman, and occurred at some point during the last few months.

SWIFT warns that the second breach has similarities to the the Bangladesh theft, and appears to be part of a broad attack against world banking. “The attackers clearly exhibit a deep and sophisticated knowledge of specific operation controls within the targeted banks — knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both,” warns the letter.

Researchers from BAE Systems in April said they found what was assumed to be the malware used in the Bangladesh Central Bank hack after malware samples were uploaded to repositories.

According to a report released today by BAE Systems, the malware used in the Bangladesh Central Bank theft could be be linked to other cyberattacks, including the massive attack against Sony Pictures in 2014. BAE detailed the toolkit used in a report on Op Blockbuster, which the company released this past February to unravel what is known about the Sony attack.

BAE has said that a commercial bank in Vietnam also appears to have been targeted in a similar fashion using customer malware based off a common code-base.

Advertisement. Scroll to continue reading.

According to BAE, the developers exclusively use a Visual C++ 6.0 development environment. 

In both attacks, it appears that the hackers understood the different transfer validation methods used by the banks. In the Bangladesh heist the attackers knew and tailored their malware to interfere with the printer that produced printouts used to check and validate transfers. In the second bank, PDF files were used for validation, and in this attack malware manipulated the PDF to “remove traces of the fraudulent instructions.”

This suggests that either the attackers were inside the banks’ networks for long enough to learn how the banks’ systems work, or they had inside information from a bank employee. If the former, then there has to be concern that other banks may already be similarly compromised. If the latter, then the proceeds of the Bangladesh theft could be re-invested to bribe and corrupt employees in other banks.

Both attacks were against the banks that use SWIFT, rather than SWIFT itself. Certainly in the Bangladesh attack, entry to the SWIFT system was via the central bank of a developing country, not via a bank in a major financial center. SWIFT’s problem is that it has thousands of such backdoors around the world.

Once the individual banks were compromised, they could ‘legitimately’ manipulate the SWIFT transfer system. “Your first priority should be to ensure that you have all the preventative and detective measures in place to secure your own environment,” Swift says in its message to be posted today. “This latest evidence adds further urgency to your work.”

While experts from BAE Systems believe the same attacker was behind the attacks in Bangladesh and Vietnam, they did not attribute the attack to any specific group or nation.

“As for who that person might be, who the coder is, who they work for, and what their motivation is for conducting these attacks cannot be determined from the digital evidence alone,” BAE’s Sergei Schenvchenko and Adrian Nish wrote in a blog post. 

(Additional reporting by Mike Lennon)

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join security experts as they discuss ZTNA’s untapped potential to both reduce cyber risk and empower the business.


Join Microsoft and Finite State for a webinar that will introduce a new strategy for securing the software supply chain.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...


Luxury retailer Neiman Marcus Group informed some customers last week that their online accounts had been breached by hackers.


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Artificial Intelligence

The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...