Breach Notification , Fraud Management & Cybercrime , Incident & Breach Response

Report: Malware-Wielding Hackers Hit Taiwanese Bank

Using SWIFT, Attackers Routed $60 Million to Sri Lanka, Cambodia, United States

Eastern International Bank branch in Taipei, Taiwan. (Photo: 玄史生 via Wikimedia Commons)

Police in Sri Lanka have arrested two men in connection with the theft of tens of million of dollars from a bank in Taiwan as part of a heist that reportedly involved malware being used to generate fraudulent SWIFT money-moving messages.

See Also: Top 5 Log Sources You Should Be Ingesting but Probably Aren't

Almost $60 million was stolen from Far Eastern International Bank in Taiwan last week, with funds being routed to accounts in Cambodia, Sri Lanka and the United States, Taiwanese state-owned news agency Central News Agency reports. The bank reportedly detected the suspicious transactions Tuesday and has been able to recover much of the stolen funds with the help of its banking counterparts in other countries, with only $500,000 remaining outstanding.

Officials at Far Eastern International Bank could not be immediately reached for comment.

Some of the stolen funds were routed to Sri Lanka, officials say. "We are looking at some $1.3 million that had come into three accounts in Sri Lanka," one official involved with the investigation told AFP, speaking on condition of anonymity.

"We have taken two people into custody and we are looking for one more person," the official added, noting that the country's Criminal Investigation Department has been working with its police counterparts in Taiwan as part of the investigation.

Taiwan's Premier Orders Security Review

In the wake of the hack attack, Taiwan Premier William Lai on Saturday ordered all government agencies to review their information security defenses, CNA reports.

On Friday, Far Eastern International Bank reportedly alerted Taiwan's Financial Regulatory Commission, based in the capital of Taipei, to the breach and theft.

The commission could not be immediately reached for comment. But it confirmed to AFP that Far Eastern International Bank had suffered a malware attack and that funds had been stolen via fraudulent money-moving messages sent via the SWIFT interbank messaging network.

More than 11,000 financial institutions across 200 countries and territories use the interbank messaging system from the Brussels-based SWIFT cooperative to transfer funds internationally and domestically.

SWIFT, formally known as the Society for Worldwide Interbank Financial Telecommunication, declined to comment on the report, or if attackers infected SWIFT's client software or used some other attack vector.

"SWIFT does not comment on individual entities. When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment," a SWIFT spokesman tells Information Security Media Group. "We subsequently share relevant information on an anonymized basis with the community. This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves. We have no indication that our network and core messaging services have been compromised."

Follows Bangladesh Bank Heist

The reported Far Eastern International Bank heist follows the February 2016 hack of the central bank of Bangladesh, in which attackers installed malware on the bank's computers, which allowed them to subvert SWIFT's client software and inject fraudulent money-moving requests into the SWIFT interbank messaging network. The attackers attempted to steal $951 million from the bank's Federal Reserve of New York account. Ultimately, they made off with $81 million.

The stolen funds included $20 million that had been routed to Sri Lankan businesswoman Hagoda Gamage Shalika Perera, which has since been recovered.

Perera, who faces an ongoing investigation, has said she is innocent of any theft, claiming to Reuters that the deal was set up by a Sri Lankan acquaintance that she believes was either hoodwinked by hackers or in league with them.

Spate of Heist Attempts

Following the Bangladesh Bank heist, other banks revealed similar attack attempts, some of which predated that heist and some of which have been successful. Those revelations triggered a public relations disaster for SWIFT, leading the cooperative to try and reboot its security approach (see Security Investments Consume SWIFT's Profits).

Some security experts, and reportedly also the U.S. Justice Department, have tied the Bangladesh Bank heist to hackers with ties to North Korea.

But some security experts claim multiple malware-wielding gangs have been targeting SWIFT software to inject fraudulent money-moving messages since at least January 2016.