A second hacking group is targeting banks through the Swift interbank messaging system, according to a report released yesterday (Oct. 11) by cyber-security firm Symantec. The group is using tactics similar to, but distinct from, those of the group that orchestrated an $81 million hack of Bangladesh’s Central Bank earlier this year.
Called Odinaff, the new group has reportedly compromised 10-20 organizations with malware designed to hide fraudulent transfer requests in the Swift system. The release corroborates disclosures from Swift last month, when Chief Executive Gottfrid Leibbrandt told customers that, in the wake of the larger hack earlier this year, more attacks were poised to follow.
No new specific victims have been named by either Swift or Symantec, though Symantec did note that Odinaff attacks are mostly centered in the United States, Hong Kong, Australia, the United Kingdom and Ukraine.
Symantec said it would share technical information about Odinaff with banks, governments and other security firms.
Odinaff is distinct from Lazarus, the group credited with the Bangladesh hack as well as attacks on other Swift customers in Southeast Asia and the 2014 hack of Sony Pictures Entertainment.
The U.S. government has blamed North Korea for the Sony attack. Symantec has not confirmed North Korea's involvement, but has said the high level of sophistication does indicate state sponsorship. Odinaff, on the other hand, appears to be a financially motivated criminal group, according to Symantec.
Swift spokeswoman Natasha de Terán noted that members had been informed of Odinaff and its activities over the summer.
Symantec further reports that Odinaff is likely linked to Carbanak, a hacking group that focuses on banks and merchant point-of-sale systems.