In February of 2016, thirty-five fraudulent payment orders were sent over the SWIFT network, the messaging system that links financial institutions and is used to exchange information on transactions, to transfer a total of US $1 billion from the Bangladesh Bank's account with the Federal Reserve Bank of New York. Thirty of those orders were stopped for review and cancelled, but five orders totaling US $101 million were completed. US $20 million was transferred to a company in Sri Lanka, while US $81 million was routed to the Rizal Commercial Banking Corporation (RCBC) in the Philippines. The attack was attributed to members of North Korea's Bureau 121, also known as the Lazarus Group, Bluenoroff, APT38, and several other names. The attackers may have begun planning the February 2016 heist as early as October 2014 when, according to FireEye, the North Korean hackers first began conducting online research on banks in Bangladesh.

By January 2015 attention had turned to the Bangladesh Bank, and the first phishing emails were sent the next month. A series of phishing email campaigns, followed by escalation of access within the bank's network, planted malware that gave the attackers access to the SWIFTLIVE system by January 2016, paving the way for the following month's attack. (Technical details of the intrusion are contained not only in cyber threat intelligence reporting but also in the Department of Justice's criminal complaint against North Korean hacker Park Jin Hyok.)

Simultaneously with the cyber campaign, steps were being taken to pave the way for the exfiltration and laundering of the stolen funds. A possibly fraudulent account was opened with RCBC in July 2014, followed by five more clearly fictitious accounts ten months later. On the day of the attack, the stolen funds were routed through RCBC's accounts with Wells Fargo, the Bank of New York Mellon, and Citibank before being transferred to the Philippines.

The details of how the money was laundered once it arrived in the Philippines are contained in the Bangladesh Bank's lawsuit against RCBC over its involvement in the heist. The money, which arrived as US dollars, was rapidly moved out of the initial accounts before RCBC received Bangladesh Bank's requests to lock them. The funds were converted into Philippine pesos to hamper tracing before an RCBC branch manager, named in the complaint filed by Bangladesh Bank, finally reported a suspicious transfer on February 11th. According to the complaint, the stolen funds were then used to purchase chips in casinos, a time-proven money laundering technique. Given the multitude of cyber-enabled money laundering techniques available, including cryptocurrencies and online game economies (which would function much like purchasing casino chips), the comparatively analogue manner in which the spoils of one of the largest cyber-heists to date were laundered is remarkable.

An additional point of interest is the lawsuit brought by Bangladesh Bank against RCBC for its role in the laundering operation, a case which has the potential to shape how liability is applied to those who operate the channels used for cyber-enabled money laundering.

February 2014 – First known activity by the group of DPRK hackers known as APT38 (also called the Lazarus Group or TEMP.Hermit), the group which included Park Jin Hyok and to which most of the SWIFT system attacks have been attributed.

July 2014 – RCBC opens a Philippine peso account in the name of William So Go. The legitimacy of the account is questionable: it was used normally prior to the heist, though Go denies having opened it, and a US dollar account was later opened under his name as part of the heist.

October 7-8, 2014 – DPRK hackers begin online reconnaissance of specific banks in Bangladesh.

January 2015 – Unidentified hackers use the SWIFT system to transfer money from Banco del Austro in Ecuador to bank accounts in Hong Kong. While the attack has not been formally attributed, FireEye has linked it to the DPRK and the Lazarus Group.

January 2015 – DPRK hackers conduct online research about a specific Bangladesh Bank email address and employee (who was subsequently targeted in the February 23, 2015 spear phishing attacks), along with general research about the Bangladesh Bank and bankers in Bangladesh.

January 2015 – DPRK hackers conduct online research about cover letters and hacking-related topics such as PDF exploits and certain CVEs. (Source: Park Jin Hyok criminal complaint.)

Sources:

United States of America v. Park Jin Hyok, Criminal Complaint, United States District Court for the Central District of California.

Bangladesh Bank v. Rizal Commercial Banking Corporation et al., Complaint, United States District Court for the Southern District of New York, January 31, 2019.