India's Cosmos bank raided for $13m by hackers
Report points finger at North Korea for cyber-heist
Cosmos Bank in India says that hackers made off with $13.4m in stolen funds over the weekend.
Multiple reports out of the country say that a group of attackers used cloned cards to withdraw cash from ATMs at a set time and perform a fraudulent SWIFT money transfer. Together, the efforts resulted in about Rs 94 crore ($13.4m) being stolen from the bank and its account holders.
The attack was believed to have taken place in two phases. The first, on Saturday between 1500 and 2200 local time, was an international effort with money mules in 28 different countries, all extracting cash from their local ATMs. According to the Hindustan Times, 15,000 transactions were carried out over the seven-hour period.
The second phase took place Monday, when a SWIFT transaction saw Cosmos move Rs 13.5 crore ($1.93m) to an account at a bank in Hong Kong.
Cybercrooks slurp nearly $1m from Russian bank after pwning router at regional branchREAD MORE
Security reporter Brian Krebs unknowingly broke word about the heist three days ago when he got hold of a confidential alert sent from the FBI to US banks warning of a pending ATM cash-out attack against a then-unnamed financial institution (later found to be Cosmos.)
The warning notes that the Bureau was confident of a cash-out operation set to occur over the weekend (when banks are closed) and that it thought the operation was the result of a breach at a card issuer.
"The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores," the FBI warned.
"At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards."
The Indian bank has said account holders' money is safe, but it has suspended online banking in the wake of the incident.
While no official culprit for the attack has been named, India's Economic Times has reported that North Korea's Lazarus Group (who have previously targeted banks in the region) is the likely offender. ®