Lazarus, a hacking group linked to North Korea, may have been behind this month’s theft of $60 million from Taiwan’s Far Eastern International Bank, according to BAE Systems Plc researchers.
The cyberattack, in which malware was used to steal the money through the international Swift banking network, bore “some of the hallmarks” of Lazarus, according to a BAE blog post on Monday.
Lazarus and its offshoots have been blamed for attacks ranging from last year’s heist of Bangladesh’s central bank to assaults on cryptocurrency exchanges and South Korean ATMs. North Korea is becoming increasingly starved of hard currency as the United Nations imposes sanctions amid a standoff with the U.S. over Kim Jong Un’s nuclear weapons program.
The malware used against Far Eastern has been seen in previous attacks by the group in Poland and Mexico, the researchers said. What’s more, some of the money was routed to beneficiary accounts in Sri Lanka and Cambodia — countries that have been used previously “as destinations for Lazarus’ bank heist activity,” they said.
While Far Eastern said most of the money was recovered, it’s the latest case in which Swift — the interbank messaging system used for money transfers — was used to facilitate the theft of funds from a banking institution. Hackers stole $81 million from Bangladesh’s central bank last year, prompting Swift to develop measures to help lenders defend against cyberattacks.
“We have no indication that our network and core messaging services have been compromised,” Swift, whose full name is the Society for Worldwide Interbank Financial Telecommunication, said in an emailed response last week to questions on the Taiwanese incident.
Sri Lankan police have arrested two people in connection with the Far Eastern theft, in which hackers wired the cash to accounts in Asia and the U.S. About $59.9 million had been recovered by the bank or frozen at receiving banks, Taiwan’s Criminal Investigation Bureau said last Friday.
This may not be the first time Lazarus has targeted Taiwan. The group routed its signals through Taiwan as part of an attack of banks in 18 countries, CNN reported in April, citing analysis by Russian cybersecurity firm Kaspersky. Taiwan’s First Commercial Bank Co. was fined NT$10 million ($330,000) last year for security lapses after it was hit by a series of cyberattacks by Eastern European hackers.
— With assistance by Samson Ellis, and Adela Lin