Hackers target payment transfer system at Chile's biggest bank, 'take $10m'
SWIFT-linked system was the target, claim infosec types
Banco de Chile has become the latest victim in a string of cyber attacks targeting the payment transfer systems of banks.
The country's largest bank was hit on 24 May and thousands of workstations hobbled. The ransomware attack was well documented locally and the bank has apologised for disruptions, which ran into days.
Hackers reportedly used a variant of the complex KillDisk wiper malware to distract attention before targeting systems linked to the SWIFT inter-bank transfer network.
At the weekend, Banco de Chile's CEO, Eduardo Ebensperger Orrego, appeared to confirm this, reportedly telling Chilean business paper El Pulso (in Spanish) that the attackers had stolen "$10m" from the bank and that his organisation had disabled 9,000 workstations to stop the virus's spread before spotting "unusual transactions" on the bank’s local Society for Worldwide Interbank Financial Telecommunication's (SWIFT) network. He also reportedly told El Pulso that "the virus was not necessarily the underlying issue, but apparently [a means for the attackers] to defraud the bank". He said no customers had been affected.
Security blog BadCyber has a good sitrep on the situation together with images of ransomware-infected bank computers in a blog post here.
The Register has contacted the bank for confirmation of the theft.
SWIFT directed us to work it is doing to help its customers secure their locally managed infrastructure here.
The assault followed the same pattern as a recent unsuccessful attack that trashed computers at a Mexican bank but didn't result into any financial losses.
Both assaults followed the modus operandi and used tools linked to the infamous Lazarus Group (AKA Hidden Cobra), a hacking crew blamed for the $81m cyberheist on funds held by the Central Bank of Bangladesh, the 2014 attack on Sony Pictures and much more besides.
Western intel agencies and private cybersecurity firms are near unanimous in pointing the finger of blame towards North Korea. Moscow-based Group-IB went even further in alleging that the Lazarus Group was controlled by Bureau 121, a division of the Reconnaissance General Bureau, a North Korean intelligence agency.
The suggestion is that Lazarus Group was active at least at late as a fortnight ago, despite a rapprochement in relations between North Korea and the West that has led to peace talks in Singapore this week.
Meanwhile, Trend Micro reckoned that the wiper variant involved in the May attack in Chile was connected to the foiled heist in Mexico in January.
Ofer Israeli, chief exec of Illusive Networks, said he believed the Lazarus Group was both behind the latest attack cyber-attack in Chile and likely to strike other banks.
"Targeting financial organisations is part of their long term strategy and compromising global financial networks via small to medium-sized banks in Central and South America whose cyber defences may be less sophisticated poses a higher probability of success," Israeli said.
"The next Bangladesh heist is imminent unless the entire financial ecosystem does its utmost to minimise the attack surface and proactively detect attacks on the entry points," he warned. ®