SINGAPORE May 23 Hackers are probing the
defences of banks in the Middle East, targeting employees with
infected emails which gather information about the banks'
network and user accounts, FireEye researchers said.
FireEye, a U.S. cybersecurity company investigating
the February attack on Bangladesh's central bank in which
hackers stole $81 million, said there was no apparent connection
with the heist or related attacks on banks in Ecuador and
Vietnam.
The identity of the hackers in all three cases is not known.
Cybersecurity experts say the attackers would have needed to
gather knowledge about bank procedures and systems, as well as
gain remote access to launch fraudulent transfer requests.
FireEye researchers said in a blog post that in early May
they had identified "a wave of emails containing malicious
attachments being sent to multiple banks in the Middle East."
The senders appeared to be "performing initial
reconnaissance against would-be targets" using techniques the
researchers said were not usually seen in such campaigns.
Qatar National Bank, the largest lender in the Middle East
and Africa by assets, said last month it was investigating an
apparent security breach of data posted online this week that
revealed the names and passwords of a large number of customers.
A FireEye spokesman said Qatar National Bank was not one of
the "several banks" in the Middle East where researchers had
found the malware. He did not identify which banks and which
countries were affected.
He said the malware had reported back to the hackers'
servers, indicating at least some of the banks had been
infected.
Once opened, the malicious email attachments gather
information on the user's system, including network
configuration data, user and administration passwords and
software running on the bank's computers.
The security of banks and SWIFT messaging systems has come
under scrutiny in the wake of the Bangladesh Bank attack.
(Reporting By Jeremy Wagstaff; Editing by Raju Gopalakrishnan)