A group of cybercriminals has breached and mapped the global banking
system, and in a series of attacks has so far stolen $81 million from
the central bank of Bangladesh. Experts believe the attacks were done
using fraudulent messages on a money transfer network connected to
the banking system.
Investigations into the ongoing attacks are still underway, and
related attacks on other banks are still being uncovered. Some experts
are pinning the attack on hackers from North Korea, since the tools they
used share similarities with the November 2014 hack of Sony Pictures
Entertainment.
According to an insider with direct knowledge of the recent attacks,
however, the culprit behind the digital bank robberies is much larger.
The insider requested to remain anonymous due to security concerns, and
was able to provide evidence to support his claims.
Chinese state hackers identified the initial vulnerability, and used
it to infiltrate and infect the global financial system, according to
the insider. When their contract ended with the Chinese regime last
year, they sold the vulnerability to cybercrime groups on a private
marketplace in the darknet in an attempt to thwart detection, he said.
The darknet is an alternate internet that is only accessible using
specialized software. While the darknet has legitimate uses, criminal
groups buy, sell, and conspire on darknet forums.
The Chinese regime runs a large network of hackers under the General
Staff Department, Third Department, of its military. These hackers carry
out orders from the Chinese regime, and also often run additional
operations or sell data on the side for personal financial gain. Epoch
Times exposed this system in a previous investigative series.
The cybercrime groups who purchased the vulnerability are allegedly
those carrying out the current attacks and illegal money transfers.
“The Chinese have already gained permanent access to the target
financial networks and exfiltrated all the data they wanted for the
contract for their sponsor,” the insider said. “Now they have this
vulnerability, they can continue to monetize, so now they’re selling it
to criminal networks.”
Process of the Breach
The code used in the vulnerability was pulled from multiple places, which
could also mean researchers looking at the breach only from the surface
may draw false conclusions. The insider said some of the code was developed
in-house by the Chinese hackers, but they also purchased some of the
code from Russian universities.
The insider said the Chinese hackers didn’t sell the vulnerability to
any specific cybercrime group either. “They’ll sell one bank to one
group,” he said, and noted most of the hackers carrying out the current
attacks are comparatively low-skilled. “They’re not coders,” he said.
“They just know how to release packages and deploy them.”
The insider was able to provide forensic data and screenshots that
support the claims. The insider was also able to provide a list of
targeted banks, which he noted is growing, and which includes a long
list of banks and financial systems that are connected to a compromised
banking partner network—including several in the United States, Latin
America, and Asia.
The Chinese state hackers started their attacks on the bank networks
as early as 2006, according to the insider, and began uploading malware
to the bank networks in 2013.