Bloomberg

Lazarus, a hacking group linked to North Korea, might have been behind this month’s theft of US$60 million from Far Eastern International Bank (遠東商銀), BAE Systems PLC researchers said.

The cyberattack, in which malware was used to steal the money through the international Society for Worldwide Interbank Financial Telecommunication (SWIFT) banking network, bore “some of the hallmarks” of Lazarus, BAE said in a blog post on Monday.

Lazarus and its offshoots have been blamed for attacks ranging from last year’s heist of Bangladesh’s central bank to assaults on cryptocurrency exchanges and South Korean automated teller machines.

North Korea is becoming increasingly starved of hard currency as the UN imposes sanctions amid a standoff with the US over North Korean leader Kim Jong-un’s nuclear weapons program.

The malware used against Far Eastern has been seen in previous attacks by the group in Poland and Mexico, the researchers said.

What is more, some of the money was routed to beneficiary accounts in Sri Lanka and Cambodia — nations that have been used previously “as destinations for Lazarus’ bank heist activity,” they said.

While Far Eastern said that most of the money was recovered, it is the latest case in which SWIFT was used to facilitate the theft of funds from a banking institution.

Hackers stole US$81 million from Bangladesh Bank last year, prompting SWIFT to develop measures to help lenders defend against cyberattacks.

“We have no indication that our network and core messaging services have been compromised,” SWIFT said in an e-mailed response last week to questions on the Far Eastern incident.

Sri Lankan police have arrested two people in connection with the Far Eastern theft, in which hackers wired the cash to accounts in Asia and the US.