Swift, the inter-bank messaging system embroiled in one of the largest cyber heists in history, warned customers that hackers have struck again, attacking a commercial bank client that it didn't name.
The details of a second hack follow a cyber theft in February, when more than $80 million was stolen from Bangladesh's account at the Federal Reserve Bank of New York. Swift warned users last month that it was aware of several similar attacks.
This time, the hackers used malware to target a PDF reader used by the customer to check its statement messages, Swift said on Friday. It didn't say whether it suspected the same hackers or whether more money was taken.
"Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks," Swift said in a statement. "The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks -- knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both."
Customers using PDF reader applications to check confirmation messages should take particular care, said Swift. Hundreds of billions of dollars are moved internationally through the Swift system every day. A spokesman for Swift declined to reveal the name of the bank.
Investigators examining the theft from Bangladesh's central bank have uncovered evidence of three hacking groups -- including two nation states -- inside the bank's network but say it was the third, unidentified group that pulled off the heist, people familiar with the bank's internal investigation said earlier this week. The attempted theft of almost $1 billion has prompted central banks around the globe to review defenses against hackers.
"Malicious insiders or external attackers have managed to submit Swift messages from financial institutions' back offices, PCs or workstations connected to their local interface to the Swift network," Swift said. "The modus operandi of the attackers is similar in both cases."