Symantec has caught two hacking groups that employ similar tactics using the same IP addresses. The cybersecurity company has warned of attacks on SWIFT, the messaging system at the heart of the world’s financial system.
Computer security giant Symantec has warned that a hacking group dubbed Odinaff has infected 10 to 20 Symantec customers with malware that can be used to hide fraudulent transfers made over SWIFT, the messaging system that is the backbone of the global financial system.
Gottfried Leibbrandt, SWIFT’s CEO, has warned banks that cyber-attacks on banks are poised to rise.
The revelation comes from Symantec’s research into hacks that have been disclosed by SWIFT.
Neither Symantec nor SWIFT has publicly disclosed SWIFT hacking victims other than Bangladesh’s central bank.
According to Symantec, attacks by Odinaff have primarily occurred in the United Kingdom, United States, Australia, Hong Kong and Ukraine.
Symantec has disclosed it would be sharing the technical information regarding the Odinaff hacks with security companies and governments.
Earlier in May, Symantec disclosed that it believes the Bangladesh heist was carried out by a hacking group called Lazarus. The 2014 hacking of Sony Pictures Entertainment was also the work of this group.
The U.S. government had squarely placed the blame for the Sony attack on North Korea. However, according to Eric Chien, a researcher at Symantec, the company is yet to confirm whether Lazarus was behind North Korea, or the other way around.
He added that the sophistication of the attack suggests the involvement of a nation state. However, Odinaff appears to be a criminal group with financial motivations. The group does not appear to have the backing of a nation state.
According to Natasha de Terán, SWIFT’s spokeswoman, the company’s customer security intelligence team had warned its members earlier this year about Odinaff’s activities, its habits, descriptions and potential attacks.
Symantec believes that Odinaff is linked to Carbanak, a hacking group that has been targeting banks and merchant point-of-sale systems since at least 2014.
Both groups employ similar tactics to carry out attacks and have used the same IP addresses to connect to their servers, said Symantec.