Following the $81 million cyberattack in February, a second hacking group has emerged with the intention of exploiting the SWIFT money transfer system to rob banks.
A report from the security firm Symantec has revealed that these cyberattacks have occurred since January and have targeted companies located in the US, Hong Kong, Australian and other countries. The firm has detected 74 different computer infections that suggest that around 100 organizations have been affected by these attacks so far.
A number of security experts have claimed that the Lazarus Group was responsible for the Bangladesh robbery though the firm believes a different cybercriminal group called Carbanak is to blame for this latest attack. Symantec’s reasoning behind this accusation comes as a direct result of the malware employed which resembles that malicious software used by Carbanak in the past.
The firm revealed what it has uncovered thus far, saying: “This new wave of attacks has also used some infrastructure that has previously been used in Carbanak campaigns. This includes the use of IP addresses found in previous Carbanak-related attacks”.
The hackers made use of Microsoft Word documents and RAR archives to target their victims. These malicious files were likely distributed through email phishing with the aim of installing Trojans onto target computers.
Symantec offered further details on the cost of such an attack, saying: “Although difficult to perform, these kinds of attacks on banks can be highly lucrative. Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars”.