Cybercriminals targeting a Vietnamese bank attempted to transfer €1.2m (£938,000) to an unnamed financial institution located in Slovenia, it has emerged. In another development, top-level officials confirmed on 17 May that no other cases of fraudulent banking activity have been found in the region.
Le Manh Hung, head of the State Bank of Vietnam's (SBV) IT department, told Reuters the only legitimate transfer attempt occurred on 8 December last year at the Tien Phong Bank (TPBank) and reaffirmed the cyber-heist was successfully stopped.
"TPBank immediately informed Swift and its bank partner to immediately stop that €1.2m transaction so there was no financial loss," Hung said, adding that TPBank found the malicious transfer through its own computer systems.
The official added that both the SBV and other Vietnamese banks had not been hit, however could not name the Slovenian bank when asked. Hung added that Interpol was immediately informed of the attack via its representative in Vietnam.
The news comes as fresh information continues to emerge from the ongoing probe analysing how a sophisticated cybercrime heist was orchestrated against the Swift financial messaging system that connects major banks around the world.
As previously reported, TPBank revealed it had interrupted a cyber-heist that involved the use of malicious Swift-based messages, which is used by about 11,000 banks and financial institutions to communicate and transfer money.
According to Reuters, Hung said TPBank was attacked because a "third-party vendor" it had used to connect to the Swift system was likely infected with malware. The vendor's internet servers were based in Singapore, however he claimed to not know the identity of the vendor provider.
The Swift system malware is the same attack technique that was used in February to pillage the Bangladesh central bank – which was not as lucky in stopping the hackers. At the time, $81m ($56m) was successfully compromised in the cybercrime operation.
For its part, Swift has maintained its 'core systems' have not been compromised by any form of malware and that any blame should focus on the security setups of the individual banks. In a statement released on 13 May, Swift said: "The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyberattacks, or a combination of both."
Before Swift went public with its findings, security researchers at BAE Systems found evidence of the Vietnam-based cyberattack.
According to Hung, this quickly sent alarm bells ringing within his institution. He told Reuters that he was extremely concerned that a slew of banks had been hit. However, after checking with a Singapore-based IT consultancy group called Blitz, this was found not to be the case. Additionally, Blitz had upgraded all software found in local banks to bulk up security.
"The SBV was very cautious thinking this may be a new attack," Hung said. "But this updated version software has many new functions that enable better security to users against hackers."
Amid the escalating fallout from the probe, central banks in the region have been instructed to ensure security and IT systems are maintained to a high level. "There is absolutely no room for complacency," said Nestor Espenilla, the Philippines' central bank deputy governor. "We consider it to be a very serious threat that financial institutions should really be preparing for."