SWIFT hackers also targeted US bank. Pull out a hanky – hedge funds are at risk
June 14, 2016
Shah Sheikh (1294 articles)

SWIFT hackers also targeted US bank. Pull out a hanky – hedge funds are at risk

The Lazarus Group of hackers, blamed for a recent run of attacks against mainly Asian banks linked through the SWIFT network, is now suspected of targeting a mid-market US bank.

Evidence uncovered by threat detection firm eSentire suggests that the Lazarus crew (which is also the chief suspect in the 2014 Sony Pictures hack) is also targeting mid-market financial companies in the US.

An August 2015 attack against an unnamed US bank started months before the hackers lifted the SWIFT authorisation credentials from the central bank of Bangladesh and stole $81m from an account it held at the Central Reserve Bank in New York, among other similar attacks.

Hedge funds and asset managers may also be at risk from attacks launched by the same group of hackers – which separate research by Symantec and BAE Systems has linked to North Korea.

“The entire hedge fund/asset manager world makes extensive use, and by extension, trust of the SWIFT network to arrange and settle wire transfers; indications of SWIFT compromise (with ties to Lazarus) is an indicator in a new attack layer,” eSentire warns.

“The August 2015 breach attempt and its affiliation with the growing list of global bank hacks amplifies the urgency for firms still lacking proactive cybersecurity defences and strategy,” it added. “The SEC’s recent comments indicate renewed interest in pushing reform requiring compliance from broker-dealers and investment advisers. While they may be smaller than other financial counterparts, clearly they’re not immune to the broader net cast against financial institutions.”

Ontario-based eSentire has passed on evidence of malfeasance to the FBI and SEC, it says. A blog post by eSentire providing more detail on its suspicions that the mendacious web of the Lazarus group extends more widely than previously suspected can be found here. ®

Source | TheRegister