Showing posts with label SWIFT. Show all posts

Thursday, March 15, 2018

SWIFT: India City Union Bank Heist

TLP AMBER ANNOUNCEMENT:

On Saturday 17 February 2018, India’s City Union Bank disclosed that its systems were hacked. They discovered that three fraudulent remittances, totaling nearly $2 million, were sent to accounts in Dubai, Turkey, and China via the SWIFT financial platform. SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, is the world’s largest electronic payment messaging system, facilitating the exchange of more than $6 trillion a day. The majority of international interbank messages use the SWIFT network. This network enables financial institutions worldwide to send and receive information about financial transactions in a secure, standardized and reliable format. SWIFT sends payment orders, which must be settled by correspondent accounts that the institutions maintain with each other. SWIFT bank heists in the past have been attributed, with medium confidence, to North Korean actors...

Wapack Labs has cataloged and reported on cyber threats targeting SWIFT in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

WWW.WAPACKLABS.COM

This TLP AMBER report is available only to Red Sky Alliance members.

Friday, December 22, 2017

Hackers Compromised Russian Bank And Used SWIFT for Withdrawal

On 15 December 2017, a Russian bank lost somewhere between $100,000 and $1 million (USD) after hackers sent SWIFT wire transfers abroad to Europe, Asia, and America. The bank was compromised (medium confidence) by a hacker group that had sent malicious attachments to a number of different banks a few weeks prior. SWIFT was not compromised, but was used as a tool to siphon money from the compromised bank. The bank is going through an ownership reorganization. Prior to this incident, it was receiving financial regulator warnings regarding its cyber security posture...

Wapack Labs has cataloged and reported on attacks targeting banks and SWIFT in the past. An archive of related reporting can be found in the Red Sky Alliance portal.

Wednesday, June 7, 2017

NK Lazarus Threat to the Financial Sector Remains High

Newly discovered command and control (C2) Internet Protocol (IP) addresses confirm the geolocation of the North Korean threat actor Lazarus Group, despite its deliberate attempts at misdirection. The group is known for custom-tailoring and reusing code between malware families and campaigns. Since 2009, Lazarus Group has targeted Asian-based financial institutions, European and South American financial institutions, and media companies, such as Sony Pictures. Recent financial and trading sanctions levied on North Korea will increase the likelihood of attacks on financial sectors, similar to the documented attacks leveraging the Society for Worldwide Interbank Financial Telecommunication (SWIFT) to compromise central banks...

Wapack Labs has cataloged and reported extensively on financial compromise and the Lazarus Group in the past. An archive of related reporting can be found in the Red Sky Alliance portal.