Three hacking groups, including a ‘nation-state actor’ are ‘still lurking’ in the network of Bangladesh’s central bank, according to a forensic report.
The report by the US experts, hired by Bangladesh Bank to probe the $81 million cyber heist three months ago, suggests that the hackers put the bank at risk of further attacks, says Reuters.
“There are some residual risks that the governor and board should understand, namely that Bangladesh Bank network is still not secure, and there exists a possibility of malicious acts by hackers,” says the report, parts of which were seen by Reuters.
Reuters says the source who shared the document declined to provide access to its full contents, as the release of some details could hamper a multinational effort to catch the criminals and recover funds stolen in the February cyber attack.
Bangladesh Bank has declined comment on pending investigations into the heist, Reuters adds.
Asked about the probe report, a spokesman told Reuters: “We have engaged forensic experts to investigate the whole thing, including this.” He did not elaborate.
Investigators have determined that one team of hackers, dubbed Group Zero in the report, was responsible for the heist and remained inside the network, the report states.
Group Zero may be seeking to monitor the ongoing cyber investigations or cause other damage, but is unlikely to be able to order fraudulent fund transfers, Reuters says quoting the investigators.
Two other groups are also inside the bank’s network, which is linked to the SWIFT international transaction system, the report finds.
One of the two is a “nation-state actor” engaged in stealing information in attacks that are stealthy but “not known to be destructive”, the report says.
The report, which was submitted earlier this month, has not further identified any of the groups.
A spokeswoman for SWIFT said she was unable to comment on the report.
SWIFT warned on Thursday of a malware attack on a commercial bank it did not name, similar to the hack at Bangladesh Bank.
In February, hackers ordered fraudulent fund transfers from Bangladesh Bank’s account at the Federal Reserve Bank of New York via the SWIFT system, but the cooperative, owned by member banks and used by 11,000 financial institutions globally, has maintained that the messaging system it controls has not been compromised.
“Group Zero is the identified hacker group that has conducted the cyber attack” against Bangladesh Bank, the investigators have said in the report, which according to them was based on primary findings.
US-based cyber-security firms World Informatix and FireEye Inc have been hired by Bangladesh’s central bank to investigate the theft.
According to Reuters, a spokesman for FireEye said the firm will not comment on the ongoing investigation. World Informatix could not immediately be reached for comment.
In the attack, the hackers sought to transfer $951 million from Bangladesh Bank’s account at the New York Fed.
Most of the transfers were blocked, but $81 million was sent to bank accounts in the Philippines in one of the largest cyber-heists in history.
The money was quickly transferred through a remittance firm to casinos and casino agents and most remains missing.
In the report, the investigators have said Group Zero mounted attacks on other banks, but did not elaborate.
The report says investigators knew little about a third group of hackers found inside the network, referred to as Group Two, except that they were using mostly commodity, or off-the-shelf hacking tools.
Bloomberg News citing people briefed on the bank’s investigation reported on Tuesday that investigators had found evidence that two of the three hacker groups in the Bangladesh attack were from Pakistan and North Korea.