Investigators suspected hackers from Russia, Moldova and Kazakhstan of involvement in the theft, in February of this year, of $81 million from the account of the Central Bank of Bangladesh at the Federal Reserve Bank of New York. They came to this conclusion after analyzing the malware used in a series of attacks against 12 Asian banks that began last year. In addition to the Central Bank of Bangladesh, banks in the Philippines and in Ecuador were targeted, as well as Tien Phong Bank in Vietnam. The attack on the Vietnamese bank was repelled. Several of the attacks used the Dridex botnet, which is used by cybercrime groups from countries of the former USSR, including Russia, Moldova and Kazakhstan, sources close to the investigation told Bloomberg.
The attack took place around February 4-5, when the Bangladeshi regulator was closed. In total, the criminals expected to steal $951 million, but the withdrawal of most of the funds was prevented: the New York Federal Reserve blocked 30 transactions worth $850 million at the request of the Central Bank of Bangladesh once the regulator had detected the hack. A tranche of $20 million that had gone to Sri Lanka was returned.
In late May, The New York Times cited experts from Symantec, a company that specializes in information security software, who said the code involved in the attacks on the banks resembles the code used in the attack on Sony Pictures in 2014 and in the attacks on South Korean banks and media companies in 2013. In those attacks, hackers associated with North Korea were suspected.
According to the agency's source, the investigation is considering several versions of what happened. Without ruling out that the attacks on the banks were carried out by groups that use Dridex or by North Korean hackers, law enforcement officials also allow that the malware could have been sold to criminals on the black market. In the cases of Ecuador, Bangladesh and Vietnam, the attackers gained access to the codes that banks use to connect to the SWIFT international payment system and used them to create orders to transfer funds to a third jurisdiction.
Dridex reaches a computer through email and collects the user's personal information (user names, passwords, etc.), which can then be used to access a privileged network. According to Symantec experts, Dridex, first discovered in 2014, is one of the most serious online threats now facing companies and ordinary consumers. The cybercrime group that uses Dridex is characterized by strict organization and discipline. Moreover, like any ordinary company, it keeps a five-day working week and even takes a break for the Christmas holidays, Symantec noted in its February review.