Symantec traces Swift banking hacks to North Korea

Image copyright: David Carillet / Shutterstock

Security firm Symantec has linked the hackers who stole $81 million from a bank in Bangladesh to the 2014 hack of Sony Pictures Entertainment, which President Obama blamed on North Korea. The revelation comes as Congress probes the Federal Reserve on what it is doing to protect against such malware-enabled attacks on the financial system.

The February cyberheist of Bangladesh's central bank turned heads in part because hackers were able to manipulate SWIFT (Society for Worldwide Interbank Financial Telecommunication), a widely used financial system. Symantec researchers say they have found evidence that the same criminal group hit a bank in the Philippines, and attempted to steal $1.1 million from a bank in Vietnam.

One of the pieces of malware used in the targeted attacks on Southeast Asian banks has been used by Lazarus, a hacking group that has targeted U.S. and South Korean assets, Symantec said. Lazarus has been linked to a "highly destructive" malicious program that was used in the Sony Pictures hack, Symantec said in a blog post.

The cyber theft at Bangladesh's central bank involved siphoning funds from an account at the Federal Reserve Bank of New York. In response to the attack, Sen. Tom Carper, (D-Del.), ranking member of the Senate Homeland Security and Governmental Affairs Committee, sent a letter to New York Fed President William Dudley asking whether the Federal Reserve plans to update its cybersecurity policies. Carper requested a response by mid-June; a spokesperson said the senator had yet to receive one.

The FBI's evidence that North Korea was involved in the Sony Pictures attack included specific code and encryption algorithms. The Obama administration imposed sanctions on North Korea officials in retaliation. 

Confirmation that North Korea was behind the SWIFT attacks would be evidence of the rogue state's ability to exploit cyberspace for asymmetric advantage.

"The North Korean government has used crime as a way to make hard cash for years – they're the best in the world at counterfeiting $100 bills," James Lewis, senior fellow at the Center for Strategic and International Studies, told FCW. "So it's no surprise that as their cyber capabilities have gotten better they've turned to hacking as another way to make money."

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.