Cybersecurity firm Symantec said today a second hacking group has been trying to rob banks with phony SWIFT messages. That same method nabbed $81 million in a high-profile attack on the central bank of Bangladesh earlier this year.
Jim Finkle at Reuters reports:
Symantec said that a group dubbed Odinaff has infected 10 to 20 organizations with malware that can be used to hide fraudulent transfer requests made over SWIFT, the messaging system that is a lynchpin of the global financial system.
Symantec’s research provided new insight into ongoing hacking that has previously been disclosed by SWIFT. SWIFT Chief Executive Gottfried Leibbrandt last month told customers about three hacks and warned that cyber attacks on banks are poised to rise.
SWIFT and Symantec have not identified specific victims beyond Bangladesh Bank. Symantec said that most Odinaff attacks occurred in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.
Symantec promises to share technical information about Odinaff with banks, governments and other security firms involved in the SWIFT system.