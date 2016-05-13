| NEW YORK
NEW YORK May 13 Malicious software used in
February's $81 million heist at Bangladesh Bank is linked to
other cyber attacks, including the high-profile 2014 attack on
Sony's Hollywood studio, according to a new report from cyber
security firm BAE Systems.
"What initially looked to be an isolated incident at one
Asian bank turned out to be part of a wider campaign," BAE's
cyber-security team said in the report it plans to release on
Friday.
Reuters was not able to independently verify the report from
BAE, which last month released the first public analysis of
malware used in the attack on Bangladesh Bank. BAE, which is not
one of the security firms that Bangladesh Bank hired to help
with forensics, said it found the malware on its own by combing
through repositories that collect samples of malicious files.
Similar malware recently was used to target a Vietnamese
commercial bank with fraudulent messages from the SWIFT money
transfer system, which also was used in the Bangladesh hack, BAE
said. The distinctive computer code used to erase the tracks of
hackers in the bank attacks was similar to code used to attack
Sony.
Sony Pictures Entertainment's network was virtually shut
down in late 2014 with destructive malware. The attack was
followed by online leaks of unreleased movies and emails that
caused embarrassment to executives and Hollywood personalities.
BAE did not name the Vietnamese bank, but SWIFT, the
Brussels-based global financial messaging network, disclosed on
Thursday that malware had been discovered targeting a new
commercial bank. Neither firm said whether funds had been
stolen.
The BAE report, which the firm plans to publish on its
website, likely will be closely scrutinized because the White
House has blamed North Korea for the Sony attack, a charge
Pyongyang has rejected.
BAE's head of threat intelligence, Adrian Nish, told Reuters
that the company had not determined who was behind the attacks.
The report said the malware used against Bangladesh Bank
exhibits "the same unique characteristics" as software used in
"Operation Blockbuster," a campaign documented by a coalition of
security firms that dates back to at least 2009 and that
includes the 2014 Sony breach.
Technical similarities include encryption keys and names of
programming elements known as mutual exclusion objects, BAE said
in the report.
"They have a very unique approach," Nish said. "The links
come through the code, which bears the hallmarks of a single,
consistent coder."
BAE said it identified the links between the recent bank
hacks and Operation Blockbuster after analyzing tens of millions
of malicious file samples.
The report acknowledged that there could be alternate
explanations for the similarities.
It is possible that multiple programmers shared the same
code, or even that it was painstakingly recreated to confuse
investigators, according to BAE.
"Whilst there are possibilities that exist which may lead to
alternative hypotheses, these are unlikely," the report said.
(Additional reporting by Joseph Menn in San Francisco; Editing
by David Greising and Raju Gopalakrishnan)