The malware used by several cybergangs in Russia and Eastern Europe has been tied back to the string of bank heists that resulted in the Bangladesh cyberheist, where $81 million was taken without a trace from the central bank’s account at the NY Fed.
According to people familiar with the investigation, it’s believed that the malware used in as many as 12 bank heists that have taken place mainly in Southeast Asia matches the tools used by the well-known Dridex crime gangs, Bloomberg reported late last week.
Last month, new research emerged that indicated the involvement of the same hackers behind the 2014 hack on Sony Pictures.
The research, led by BAE Systems security researchers, turned up various malware tools. Among them was a file called msoutc.exe, containing wipeout and file deletion functions, that was found to be the same as the one used in the attack against Sony, which the FBI said was traced back to North Korea.
“The implementation of this function is very unique. It involves complete filling of the file with the random data to occupy all associated disk sectors, before the file is deleted,” the researchers noted in their report. “The file-delete function itself is also unique. The file is first renamed into a temporary file with a random name, and that temporary file is also deleted.”
Bloomberg clarified that, while the presence of code linked to the previous attacks may mean the same hackers were involved, it could also just serve as an indication that the malware is being sold to other parties on the Dark Web.
Reuters reported that the true identities of those behind the $81 million cyberheist may never be discovered.
As quoted by the newswire, Sean Kanuck, named as the most senior cybersecurity official within the Office of the Director of National Intelligence for the past half decade, said that no individuals have been officially and definitively linked to the crime. He has knowledge of the case but has not been directly involved. The other agencies that have been part of the investigation include the U.S. Federal Bureau of Investigation and authorities in the Philippines and Bangladesh. The vast majority of the money is still unaccounted for.