A Vietnam bank has disrupted an attempted cyber theft that involved the same software compromised in the $81 million cyber heist at the Bangladesh central bank.
In the fourth quarter of last year, Tien Phong Bank identified fraudulent Society for Worldwide Interbank Financial Telecommunications (SWIFT) messages requesting the transfer of more than $1.1 million in funds, according to a statement provided to Reuters.
Officials at the bank caught the attempt before the transfer went through, and it "did not cause any losses. It had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general," according to the bank’s statement.
The transfers were made using malware installed on an outside vendor’s software, which was used to connect the bank to the SWIFT messaging system. Tien Phong Bank says it has discontinued working with the unnamed vendor.
In February, unknown hackers stole $81 million from the Bangladesh account at the Federal Reserve Bank in New York in what is considered the largest cyber heist in history.
According to the British security contractor BAE Systems, the thieves exploited a flaw in a widely used client banking payment information network from the Brussels-based SWIFT, a collective owned by more than 3,000 financial institutions. Banks across the world use the system to exchange information about financial transactions.
SWIFT on Friday issued a notice to its customer banks saying the breach was part of a broader effort targeting the global financial system.
“Forensic experts believe this new discovery evidences that the malware used in the earlier reported customer incident was not a single occurrence, but part of a wider and highly adaptive campaign targeting banks,” the notice said, according to The Wall Street Journal.
SWIFT has acknowledged that an unnamed bank was targeted in a malware attempt similar to the one Bangladesh Bank attack, but it did not name the institution. It declined to comment on reports that Tien Phong Bank was a victim of a malware attack.
SWIFT has made it clear it considers the incident at Bangladesh Bank a failure on the part of the bank, not its software.
In a letter issued May 3, SWIFT told bank customers they are responsible for securing computers connected to the messaging network.
"At the end of the day, we weren’t breached. It was, from our perspective, a customer fraud," Gottfried Leibbrandt, CEO of SWIFT, said at a financial conference in Frankfurt last week.