The search for the Bangladesh cyberheist fraudsters has taken an interesting turn with new research indicating the involvement of the same hackers behind the 2014 hack on Sony Pictures.
The research, led by BAE Systems security researchers, uncovered various malware tools. Among them was a file called msoutc.exe, containing wipe-out and file-deletion functions, that was found to be the same as the one used in the attack against Sony, which the FBI said was traced back to North Korea.
“The implementation of this function is very unique. It involves complete filling of the file with the random data to occupy all associated disk sectors, before the file is deleted,” the researchers noted in their report. “The file-delete function itself is also unique. The file is first renamed into a temporary file with a random name, and that temporary file is also deleted.”
The exclusive use of Visual C++ 6.0 to develop the malware and similar spelling error patterns were other findings that led researchers to the conclusion, as ZDNet pointed out.
And while alternative explanations are possible, the researchers said, they are unlikely, and all the facts point to the same coder being central to these attacks.
“Who the coder is, who they work for and what their motivation is for conducting these attacks cannot be determined from the digital evidence alone. However, this adds a significant lead to the investigation.”
The BAE analysis comes on the heels of new findings from SWIFT, which has uncovered yet another breach. In a statement, SWIFT said that one of its other banking customers had been hit with malware, which compromised the bank’s use of the SWIFT messaging system. The malware operates much like the one used in the Bangladesh bank heist.
“In this new case, we have now learnt that a piece of malware was used to target the PDF reader application used by the customer to read user-generated PDF reports of payment confirmations,” SWIFT said.
While SWIFT didn’t disclose the name of its customer bank, BAE said it appears to be a Vietnamese bank.
“What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign. This led to the identification of a commercial bank in Vietnam that also appears to have been targeted in a similar fashion, using tailored malware, but based off a common code-base,” said BAE Systems security researchers Sergei Shevchenko and Adrian Nish.