New Hackers Target Banks via Swift Logs

There’s a new hacker group on the rise using banks’ Swift credentials to facilitate their cyberheists.

Efforts by the group, called Odinaff, have infected “10 to 20” Symantec customers since January, most frequently in the U.S., Hong Kong, Australia and the U.K., Symantec warned Tuesday. Odinaff is reportedly using malware that hides fraudulent transfer requests initiated over Swift’s messaging system for global financial institutions.

There’s no evidence to suggest the Swift network has been compromised; nor that Odinaff is related to an earlier series of attacks this year – including the $81 million Bangladesh Bank hack in February – which also relied on manipulating Swift customers' transfer logs. Those attacks were carried out by a group known as Lazarus. Symantec did, however, find strong links between Odinaff and Carbanak, a hacking group that has been targeting banks and merchant point-of-sale systems “since at least 2014.”

Neither Swift nor Symantec have identified specific victims beyond Bangladesh Bank. Customers in Ukraine, Ireland and other unnamed countries have also been targets of attacks by Odinaff. Symantec said it would share technical information about Odinaff with banks, governments and other security firms.

The earlier attacks have pressured the entire banking industry to shore up its security. Swift has also warned banks to expedite security projects and has hired defense contractors to improve its own security.