Hackers stole approximately 10 million USD from an unnamed Ukrainian bank via the SWIFT banking network, according to an IT audit firm.
According to Kyiv Post, a Ukrainian bank recently hired the Kyiv branch of the Information Systems Audit and Control Association (ISACA) to investigate the theft of millions of dollars.
ISACA said the incident occurred via the Society for Worldwide Interbank Financial Telecommunications (SWIFT), a banking messaging service which helps facilitate banking transfers around the world.
The IT firm believes hackers used publicly available tools and information to commit the heist at the Ukrainian bank as well as at other Eastern European financial organizations.
As ISACA said in a statement:
“At the current moment, dozens of banks (mostly in Ukraine and Russia) have been compromised, from which has been stolen hundreds of millions of dollars…. [But] [b]anks now are not sharing such information at all and are afraid of publicity.”
This announcement follows news of several high-profile banking heists involving SWIFT.
In February 2016, attackers made off with 81 million USD from the Bangladesh Bank. They used a piece of malware “evtdiag.exe” that has been linked to the 2014 Sony hack to make a slight alteration in SWIFT’s Access Alliance software, which allowed them to gain access to a database at the Bank and make fraudulent money transfer orders.
Several months later, the Vietnamese financial organization Tien Phong Bank (TPB) revealed it had spotted a fraudulent transfer of 1.2 million euros (approximately $1.36 million) bound for a Slovenian bank. An investigation into the incident revealed the attackers had used fraudulent messages from SWIFT to order the money transfer from TPB.
SWIFT has announced it will be launching a new security program to help protect financial organizations against attacks similar to those that targeted the Bangladesh Bank and TPB. That program will consist of developing improved information sharing channels and security audit frameworks, among other measures.