
Bank of Bangladesh Cyber Attack

The attackers who stole $81 million (£55.8 million) from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system, said security researchers at British defence contractor BAE Systems.

The 2016 Bangladesh Bank heist is a notable example of a sophisticated cyber attack on the SWIFT network. Here's a step-by-step breakdown of the key technical aspects of the attack.

In the cyber-security industry the North Korean hackers are known as the Lazarus Group, a reference to a biblical figure who came back from the dead; experts who tackled the group's computer viruses found they were equally resilient.

Little is known about the group, though the FBI has painted a detailed portrait of one suspect: Park Jin-hyok, who also has gone by the names Pak Jin-hek and Park Kwang-jin.



1. Initial Compromise

Phishing Attack:

  • The attackers initially compromised the Bangladesh Bank's system by sending spear-phishing emails to employees.
  • These emails contained malicious attachments, which, when opened, installed malware on the bank's network.

2. Gaining Access

Malware Deployment:

  • The attackers deployed custom malware designed to gain access to the bank’s internal network and the SWIFT system.
  • The malware allowed the attackers to monitor the network and obtain credentials and other necessary information.

3. Understanding the Network

Reconnaissance:

  • After gaining access, the attackers spent several months conducting reconnaissance.
  • They learned how the bank’s SWIFT system operated, identified key personnel, and understood the network topology.

4. Manipulating the SWIFT Software

Modifying SWIFT Software:

  • The attackers altered the bank’s SWIFT Alliance Access software.
  • They inserted malware that intercepted and manipulated legitimate SWIFT messages.
  • This malware also deleted the records of the fraudulent transactions to cover the attackers' tracks.
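Tampering with the messaging software itself, as described in this step, is the kind of change a file-integrity baseline catches: hash every file in the application directory when it is known good, then re-scan and diff. The script below is an added example and is not code from the original post or from SWIFT; the directory layout and file names (`bin/app.exe`, `lib/messaging.dll`, `lib/print.dll`) are constructed for the demonstration and do not reflect the real product.

```python
"""Added example: SHA-256 file-integrity baseline for an application directory.
The directory layout below is constructed for the demo, not a real product layout."""
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large binaries are hashed in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map every file under root (as a POSIX relative path) to its SHA-256 digest."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            baseline[p.relative_to(root).as_posix()] = sha256_file(p)
    return baseline


def compare_to_baseline(baseline: dict, current: dict) -> dict:
    """Report files that were modified, added, or removed since the baseline was taken."""
    return {
        "modified": sorted(k for k in baseline if k in current and current[k] != baseline[k]),
        "added": sorted(k for k in current if k not in baseline),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict:
    """Take a baseline of a constructed application directory, simulate a patched
    library plus one unexpected new module, then re-scan and return the diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "lib").mkdir()
        (root / "bin" / "app.exe").write_bytes(b"original program image")
        (root / "lib" / "messaging.dll").write_bytes(b"original messaging library")
        (root / "lib" / "print.dll").write_bytes(b"original print library")
        baseline = build_baseline(root)

        # Constructed tampering: one library is patched in place, one new file appears.
        (root / "lib" / "messaging.dll").write_bytes(b"patched messaging library")
        (root / "lib" / "extra.dll").write_bytes(b"unexpected new module")
        current = build_baseline(root)
        return compare_to_baseline(baseline, current)


if __name__ == "__main__":
    print(demo())
```

In practice the baseline is stored and verified from a host the application server cannot write to, and the scan runs on a schedule; a baseline kept beside the binaries can be edited by whoever edits the binaries.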

5. Initiating Fraudulent Transactions

Sending Unauthorized Transactions:

  • The attackers used the SWIFT credentials they had stolen to send fraudulent messages.
  • They sent about 35 fraudulent SWIFT transfer requests, totaling nearly $1 billion, instructing the Federal Reserve Bank of New York to move funds from Bangladesh Bank's account to accounts in the Philippines and Sri Lanka.

6. Avoiding Detection

Evasion Tactics:

  • The malware prevented the bank from receiving confirmation messages about the transactions.
  • It altered the transaction records to hide evidence of the fraudulent transactions.
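Steps 5 and 6 together describe why local records cannot be trusted once the messaging host is compromised: the instructions went out, but the confirmations and the local transaction records were suppressed or edited. The defence that survives this is to reconcile the bank's own ledger against a statement of executed debits obtained from the correspondent through a separate channel, and to apply simple, explainable anomaly rules to what was actually executed. The script below is an added example, not code from the original post or from any bank; the record layout, the reference numbers, the beneficiary names, the timestamps and the 10 million daily limit are all constructed assumptions.

```python
"""Added example: out-of-band reconciliation plus simple anomaly rules over
constructed transfer records. Layout, values and thresholds are assumptions."""
from collections import defaultdict
from datetime import datetime

# Constructed: the bank's own ledger of outbound instructions. An attacker who
# can edit local records could remove entries from here.
LOCAL_LEDGER = [
    {"ref": "TX1001", "amount": 250_000, "beneficiary": "ACME Corp", "sent": "2016-02-03T11:05"},
    {"ref": "TX1002", "amount": 120_000, "beneficiary": "Globex Ltd", "sent": "2016-02-03T14:20"},
]

# Constructed: the correspondent bank's statement of debits actually executed,
# received through a separate channel (e.g. a signed statement file).
CORRESPONDENT_STATEMENT = [
    {"ref": "TX1001", "amount": 250_000, "beneficiary": "ACME Corp", "sent": "2016-02-03T11:05"},
    {"ref": "TX1002", "amount": 120_000, "beneficiary": "Globex Ltd", "sent": "2016-02-03T14:20"},
    {"ref": "TX2001", "amount": 20_000_000, "beneficiary": "Unknown Entity A", "sent": "2016-02-05T02:10"},
    {"ref": "TX2002", "amount": 25_000_000, "beneficiary": "Unknown Entity B", "sent": "2016-02-05T02:15"},
]


def reconcile(local, statement):
    """Compare the local ledger with the correspondent's statement by reference.
    Debits the correspondent executed that the local ledger does not show are the
    strongest signal that local records were altered or deleted."""
    local_by_ref = {r["ref"]: r for r in local}
    stmt_by_ref = {r["ref"]: r for r in statement}
    both = set(local_by_ref) & set(stmt_by_ref)
    return {
        "unrecorded_locally": sorted(set(stmt_by_ref) - set(local_by_ref)),
        "not_executed": sorted(set(local_by_ref) - set(stmt_by_ref)),
        "amount_mismatch": sorted(
            ref for ref in both if local_by_ref[ref]["amount"] != stmt_by_ref[ref]["amount"]
        ),
    }


def flag_anomalies(records, known_beneficiaries, daily_limit, business_hours=(9, 18)):
    """Return {ref: [reasons]} for records that trip one of three rules: a
    never-seen beneficiary, an instruction sent outside business hours, or a
    calendar day whose total exceeds the configured limit."""
    reasons = defaultdict(list)
    daily_total = defaultdict(int)
    for r in records:
        sent = datetime.fromisoformat(r["sent"])
        daily_total[sent.date()] += r["amount"]
        if r["beneficiary"] not in known_beneficiaries:
            reasons[r["ref"]].append("new beneficiary")
        if not (business_hours[0] <= sent.hour < business_hours[1]):
            reasons[r["ref"]].append("outside business hours")
    # Second pass: the daily total is only known once every record has been summed.
    for r in records:
        day = datetime.fromisoformat(r["sent"]).date()
        if daily_total[day] > daily_limit:
            reasons[r["ref"]].append("daily total exceeds limit")
    return dict(reasons)


def demo():
    """Run both checks over the constructed data and return their findings."""
    known = {"ACME Corp", "Globex Ltd"}
    return {
        "reconciliation": reconcile(LOCAL_LEDGER, CORRESPONDENT_STATEMENT),
        "anomalies": flag_anomalies(CORRESPONDENT_STATEMENT, known, daily_limit=10_000_000),
    }


if __name__ == "__main__":
    for section, findings in demo().items():
        print(section, findings)
```

The anomaly rules are deliberately crude; their value is that they run over the correspondent's view of what was executed rather than over local records the attacker could edit, and that a human can read each reason and decide whether to hold the next instruction.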


7. Laundering the Money

Money Laundering:

  • Once the money reached the recipient accounts, it was quickly moved through a series of transactions to launder it.
  • In the Philippines, some of the funds were laundered through casinos, making it difficult to trace.

Detection and Response

Discovery:

  • The fraudulent transactions were eventually discovered when a typo in one of the transfer requests (spelling “foundation” as “fandation”) triggered suspicion and led to a manual review.
  • The Federal Reserve Bank of New York contacted Bangladesh Bank to verify the suspicious transactions.

Investigation:

  • Upon discovering the breach, Bangladesh Bank and international authorities began an investigation.
  • It was found that about $81 million had been successfully stolen.

Key Takeaways

Security Measures:

  • Regular updates and patches to systems to protect against vulnerabilities.
  • Enhanced monitoring and anomaly detection systems to identify suspicious activities.
  • Multi-factor authentication for accessing critical systems and networks.
  • Employee training to recognize and respond to phishing attempts.

The Bangladesh Bank heist underscored the need for robust cybersecurity measures and the risks associated with sophisticated cyber attacks on financial institutions.



The 10 Most (In)Famous Hacking Groups
    1. Anonymous.
    2. Fancy Bear, APT29 (Cozy Bear), and Pawn Storm.
    3. Lazarus Group.
    4. Carbanak (Anunak).
    5. The Dark Overlord.
    6. The Equation Group.
    7. TA505 (Evil Corp).
    8. DarkSide.

    Lazarus Group

    Lazarus Group is a notorious North Korean hacker group known for its destructive cyberattacks. It gained worldwide attention for its 2014 hack of Sony Pictures in retaliation for the movie The Interview.

    The group is also responsible for the global WannaCry ransomware attack in 2017 that encrypted users' files, demanding a ransom in Bitcoin for decryption. 

    Lazarus Group has stolen billions of dollars from banks in Ecuador, Vietnam, Poland, Mexico, and Bangladesh. The group uses a variety of tactics in its operations but is best known for spear-phishing campaigns leading to the installation of its own custom malware, such as Destover and Joanap.

    Silent Chollima, DarkSeoul, and Whois Team are also thought to be North Korean hackers, and some experts believe they might be sub-groups or different names used by Lazarus Group. Their targets have included government agencies, media organizations, defense contractors, and supply chains. 
