Cyber-security firm BAE Systems said on Monday (Oct 16) that it believes the North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global SWIFT messaging system.
“The likely culprit is Lazarus,” BAE cyber-intelligence chief Adrian Nish told Reuters by telephone.
The British firm has previously linked Lazarus to last year’s US$81 million (S$109 million) cyber heist at Bangladesh’s central bank, as have other cyber firms including Russia’s Kaspersky Lab and California-based Symantec.
BAE’s claim that Lazarus is likely responsible for the hack on Taiwan’s Far Eastern International Bank demonstrates that North Korea continues to seek to generate cash through hacking.
The Far Eastern International Bank reported that its system was hacked earlier this week, with implanted malware affecting some of its personal computers, servers and the Society for Worldwide Interbank Financial Telecommunication’s network, according to Xinhua news agency.
Hackers were found to conduct virtual transactions to move funds to other destinations while no leaks of customer information were reported.
Mr Nish said he expects the Lazarus group to continue to target banks.
“They are not just going to go away. They’ve built the tools. They are going to keep going back,” he said.
Still, he noted that the group appears to have had difficulty in pulling funds out of the banking system, after the massive Bangladesh heist, which prompted SWIFT and banks to boost security controls.
Taiwan’s Central News Agency reported last week that while hackers sought to steal some US$60 million from Far Eastern Bank, all but US$500,000 had been recovered by the bank.
BAE previously disclosed that Lazarus attempted to steal money from banks in Mexico and Poland, though there is no evidence the effort succeeded.
A security executive with SWIFT, a Belgium-based co-operative owned by banks, last week told Reuters that hackers have continued to target the message system this year, though many attempts have been thwarted by the new security controls.
SWIFT declined comment on the findings, which BAE detailed in a report on its website. The report provides technical details on malware samples that BAE believes were likely used to target the Taiwan bank.