Bank heists linked to Sony hack and North Korea
Code that hackers used to steal $100m (£68m) from a Bangladesh bank is similar to that used by hackers that broke into Sony two years ago, cybercrime researchers say.
Investigators at US security firm Symantec say the similarity of the malware used in both attacks suggests the so-called Lazarus hacking collective could be behind the heists.
Bangladesh’s Central Bank was hacked in February and other banks in Vietnam and the Philippines have also been attacked.
Researchers say code hidden in malware known as Trojan.Banswift was used in all these attacks, and that malware known as Backdoor.Contopee, which has been linked to other attacks by Lazarus, was found.
“Some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus,” Symantec researchers said in a blog post.
“The attacks can be traced back as far as October 2015, two months prior to the discovery of the failed attack in Vietnam, which was hitherto the earliest known incident,” it continued.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.
“While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant.”
The attack on Sony Entertainment Pictures in 2014 derailed the release of comedy feature film The Interview and was described as “vicious and malicious” by the head of the digital entertainment company.