North Korean hackers are suspected of attempting to steal $170m from an Indian bank. In July 2015, the Union Bank of India was the target of an attempted cybertheft, which saw hackers infect the bank's system with malware. Experts reportedly believe that the attempted cyberheist on the Indian bank shares similarities with the Bangladesh Bank hack, which saw hackers successfully steal $81m.
In the case of the Union Bank of India, the hackers were allegedly almost able to transfer $170m from the bank's New York account to various private accounts in five separate locations. However, the attempted theft was quickly detected by an alert employee, and the bank stopped the money from being released, the Wall Street Journal reported.
According to investigators probing the attack, the hackers allegedly used code similar to that used in the Bangladesh Bank hack. Cybersecurity experts recently said the North Korean-linked hacker group Lazarus was linked to several high-profile bank hacks across the globe. The group is suspected to have been responsible for stealing $81m from the Bangladesh Bank.
How did hackers attempt to steal from the Indian bank?
According to Union Bank of India chairman Arun Tiwari, the cyberattack began when a bank employee opened a malicious email attachment, which then infected systems with malware. This malware allowed hackers to steal the bank's access codes, which they used to authorise cross-border transactions via SWIFT.
According to an unspecified source familiar with the matter, the hackers attempted to transfer nearly $170m to several Asia-linked shell companies, one of which is believed to be a Chinese organised crime syndicate.
However, the Indian bank was alerted to the hackers' attempt by an employee in its treasury department, who identified that the six transactions initiated by the hackers had not been authorised by the bank.
According to experts at Ernst and Young, which was hired by the Union Bank to look into the attempted cybertheft, and the cybersecurity unit of Citigroup, which is an intermediary of the NY Fed, the Union Bank and Bangladesh Bank hacks share several key similarities.
SWIFT had previously said that other banks in its network were also targeted by cyberattacks, though at the time, it did not disclose that Union Bank was one of them. The international financial messaging system also said that it had incorporated additional security measures in the wake of increased cyberattacks over the past year.