NEW YORK (CNNMoney) — Hacks targeting the international banking system have claimed a fourth victim: a bank in the Philippines.
It’s now clear the global banking system has been under attack by a sophisticated group — dubbed “Lazarus” — since at least October 2015, according to the latest report from cybersecurity firm Symantec.
In recent months, computer hackers have been able to gain a dangerous level of access SWIFT, the worldwide interbank communication network that settles transactions.
First, we learned that hackers broke into the central bank of Bangladesh and stole $101 million. Then it became clear that similar hacks have happened to private banks in Ecuador and Vietnam.
On Thursday, Symantec revealed that it found evidence hackers used the same computer virus to slip into a bank in the Philippines. Symantec did not name the bank.
Hackers infected desktop computers at the bank, said Eric Chien, technical director of Symantec Security Response. But researchers still aren’t sure how hackers slipped in — or if they moved any money.
Symantec researchers say the attack on the Filipino bank happened in October — two months before the attack on Vietnam’s Tien Phong Bank, which had been the earliest known attack by these hackers.
Symantec researchers closely examined the computer virus used to attack the bank in Philippines. They found that its complex code shared distinct properties — like specific instructions written in the same words — as the malicious code used to attack Bangladesh Bank.
These particular computer code weapon has been traced to a group that researchers worldwide have nicknamed “Lazarus.”
It’s unclear who these attackers are — but there are clues.
The “Lazarus” group of hackers attacked American and South Korean government, finance and media websites in 2009. Cybersecurity firm Novetta carefully documented how “Lazarus” hacked Sony Pictures in 2014, stealing data and destroying computers at the Hollywood movie studio.
The U.S. government blamed that hack on the military government of North Korea.
Symantec is now the second highly-respected, major cybersecurity company to link this string of bank hacks to the infamous Sony hack. Two weeks ago, British defense contractor BAE Systems did the same.
There is now widespread industry concern that it’s too easy for hackers to attack the global financial system. This week, SWIFT CEO Gottfried Leibbrandt acknowledged that hackers are in a position to bring down banks.
A major hack of the banking industry carries potentially disastrous consequences.
Last week, MasterCard CEO Ajay Banga expressed worries about the financial sector’s point of weakness: smaller banks.
Major banks spend millions of dollars protecting their computer networks. But all banks are connected to facilitate international trade. That means hackers can simply enter smaller banks to fraudulently pull money out of bigger banks.
That’s how these bank hackers drew $101 million out of the Bangladesh Bank’s account at the New York Federal Reserve.
Experts doubt these hackers will be identified — or face any prison time. Computer networks provide them anonymity, and if they’re operating in hacker-friendly nations like Russia, they remain outside of law enforcement’s grasp.
“These days, basically every bank in the world is equidistant to the bad guy,” said cybersecurity expert Jeremiah Grossman. “The risk of them getting captured is very low, and their reward very high.”