Bangladesh Bank malware linked to fourth cyberattack on Philippines bank
The Lazarus group is believed to be behind the 2009 Sony hack Reuters

The hackers behind the Bangladesh bank cyberheist have targeted yet another bank. A bank in Philippines was found to have been the fourth victim of targeted attacks by cybercriminals using the same malware that saw $81m (£55.2m) stolen from Bangladesh's central bank. Security researchers have connected the malware and techniques used by hackers to the infamous Lazarus group, which is widely considered to be behind the 2009 Sony hack.

The Bangladesh bank heist triggered an alert among the banking and security community, which lead to investigations uncovering further similar attacks. So far, Veitnam's TP Bank as well as Ecuador's Banco Del Austro have also been linked to the attacks. While the Vietnamese bank claimed to have successfully thwarted the attempted heist, Banco Del Austro saw hackers making away with $9m. However, researchers are still investigating details about the code used in the Ecuadorean bank hack. Now a fourth unnamed bank in Philippines has also found to be linked to the Swift malware, although details about the attack, including whether funds were stolen, are yet to be revealed.

Symantec security researcher Eric Chien told the New York Times: "If you believe North Korea was behind those attacks, then the bank attacks were also the work of North Korea.

"If you presume it's North Korea, $1 billion is almost 10 percent of their G.D.P. This is not small change for them."

"We've never seen an attack where a nation-state has gone in and stolen money," he added. "This is a first."

Chien identified the code used in all three attacks were identical. He also noted the hackers used similar techniques like using same numbers and even coding in the same manner. He highlighted that the evidence indicated all the attacks were the work of the Lazarus group. Given the hacker group's previous exploits, the security and financial community has been on alert and in efforts to prevent further attacks, has initiated Operation Blockbuster — which involves sharing of information about the group to mitigate more such attacks in the future.

The FBI's investigation into Lazarus and the Sony hack had reportedly led them to conclude that North Korea was responsible for the attack. Security firm Symantec investigated the attacks and uncovered that the malware and techniques used by the hackers could be traced back to as far as October 2015, two months prior to the failed attempt on Vietnam's TP Bank, which until now was believed to be the earliest known incident.

Symantec said: "The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region. While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant."