$100M Bangladesh bank heist linked to hacks on Philippine bank, Sony Pictures

Hackers who stole$81 million US ($105 million) from Bangladesh's central bank have been linked toan attack on a bank in the Philippines, in addition to the 2014hack on Sony Pictures, cybersecurity company Symantec Corpsaid in a blog post.

The U.S. Federal Bureau of Investigation has blamed NorthKorea for the attack on Sony's Hollywood studio.

• North Korea linked to Sony hack: U.S. official
• Sony hacking leads to U.S. sanctions against North Korea

A senior executive at Mandiant, the cybersecurity companyinvestigating the Bank Bangladesh heist, also told Reuters thehackers had recently penetrated banks in Southeast Asia.

In the blog post published on Thursday, Symantec did notname the Philippines bank or say whether any money was stolen,but said the attacks could be traced back to October last year.It did not identify the hackers.

The Philippines central bank's deputy governor, NestorEspenilla, told Reuters that no bank in the country had lost
money to hackers, although he did not rule out the possibilityof cyber attacks.

"We are checking if there are similar attacks on Philippinebanks," Espenilla said. "However, no reported losses so far."

He added: "It is one thing to be attacked. It is another tolose money."

Marshall Heilman, vice president for Mandiant, a part ofU.S.-based FireEye, said it was not known whether any
money was lost in the other attacks he described or whether thehackers had been successfully blocked.

4 known attacks on SWIFT

"There is a group operating in Southeast Asia that definitelyunderstands the bank industry and is at more than one location,"he said.

Heilman declined to identify the country or countries, orthe institutions attacked. He said it was the same group as the
one involved in the Bank Bangladesh theft and that the attackswere recent, but declined to be more specific.

Central banks elsewhere in Southeast Asia - Singapore,Indonesia, Brunei, Myanmar, Laos, Cambodia, Vietnam, Thailandand East Timor - have declined comment or denied knowledge ofany other breaches.

There have been at least four known cyber attacks against abank involving fraudulent messages on the SWIFT paymentsnetwork, one dating back to 2013. SWIFT, the Society forWorldwide Interbank Financial Telecommunication, urged banksthis week to bolster their security, saying it was aware ofmultiple attacks.

Banks around the world use secure SWIFT messages for issuingpayment instructions to each other.

SWIFT said earlier this week that February's Bangladesh Bankhack was a "watershed event for the banking industry" and thatit was "not an isolated incident."

Spokeswoman Natasha de Teran said on Thursday that SWIFT was"actively looking into other possible instances of such fraud,"but would not comment on individual entities.

Symantec said it had identified three pieces of malware thatwere used in limited targeted attacks against financialinstitutions in Southeast Asia.

Hacking group Lazarus

One of the malicious programs has been previously associatedwith a hacking group known as Lazarus, which has been linked tothe devastating attack on Sony's Hollywood studio in 2014.

"There is a pretty hard connection now to the Sony attacksand the actor behind them" and the Bangladesh heist, Eric Chien,technical director at Symantec, said in an interview.

Another cybersecurity firm, BAE Systems, said this monththat the distinctive computer code used to erase the tracks ofhackers in the Bangladesh Bank heist was similar to code used toattack Sony.

Chien said that if North Korea was responsible for the hackson banks via the SWIFT messaging network it would represent thefirst known episode of a nation-state stealing money in a cyberattack.

Policymakers, regulators and financial institutions aroundthe world are stepping up scrutiny of the cyber security of theSWIFT payments system after hackers used it to make fraudulenttransfers totaling $81 million US ($105 Million)out of Bank Bangladesh's accountat the Federal Reserve Bank of New York.

Symantec and other researchers have also linked the hack toa failed attempt to use fraudulent SWIFT messages to steal froma commercial bank in Vietnam.

In addition, Reuters reported last week that Ecuador's Bancodel Austro had more than $12 million US ($16 million) stolen from a Wells Fargoaccount due to fraudulent transfers over the SWIFT network.

Bangladesh police are also reviewing a nearly-forgotten 2013cyber heist at the nation's largest commercial bank, SonaliBank, for connections to the central bank heist, a senior lawenforcement official told Reuters. The unsolved theft of$250,000 US ($326,000)at Sonali Bank also involved fraudulent transferrequests sent over the SWIFT network.

• SWIFT says hackers successfully infiltrated a commercial bank
• How a hacker's typo helped stop a billion dollar bank heist