SWIFT says hackers successfully infiltrated a commercial bank

Cyberhackers used malware to target a PDF reader at an unnamed bank, allowing them to transfer money and tamper with bank documents, global bank transfer co-operative SWIFT says.

The Belgium-basedSociety for Worldwide Interbank Financial Telecommunication a co-operative of more than 11,000 global banks that allows them to securely transfer billions of dollars worth of transactions between themselves every year saidone of its members was compromised by cybercriminalsin a manner similar to the recent theft of more than $100 million from Bangladesh's central bank.

• Iranian hackers charged in attack on U.S. banks
• How a hacker's typo stopped a billion-dollar bank heist

SWIFTsaid Friday that attackers had malwareto target a PDF reader at a bank, which it did not name, allowing them to transfer money and tamper with bank documents.

SWIFT declined to confirm whether any funds had been taken out, but urged its clients to review their security systems.

The group described the hack as "not a single occurrence, but part of a wider and highly adaptive campaign targeting banks."

Essentially, SWIFT says that hackers managed to steal enough informationfrom a member bank that allowed them to transfer funds via SWIFT's network because the transaction would have looked legitimate and had the right credentials.

Swift said "the attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks."

It said that know-how "may have been gained from malicious insiders orcyberattacks, or a combination of both."

• Hacker ring stole $1B from banks in 30 countries
• Starbucks app used to hack into bank accounts, credit cards

SWIFT's network is believed to be among the most secure ways in the world oftransferringmoney, but two major breaches in the span of as many months is a concerning development for the people who run the communications networkthat underpins the world's financial system.

Weapons maker BAE Systemsalso has a large cybersecurity business and it said Fridayit had uncovered evidence linking malicious software used in the Bangladesh heist to the high-profile attack on Sony's Hollywood studio in 2014 and other cases.

"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," BAE's cyber-security team said in a report it released on Friday.

BAE also said it uncovered malware that was recently used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT money-transfer network. The malware operated "in a similar fashion" to the Bangladesh Bank hack, BAE said.

Bangladeshi investigators say that at least 20 foreigners were involved. They said the suspects were identified after investigators visited Sri Lanka and the Philippines, where the stolen money was transferred. Sri Lanka intercepted $20 million transferred there and returned it to Bangladesh.