By Jim Finkle
TORONTO (Reuters) – Cyber-security firm BAE Systems Plc said on Monday it believes the North Korean Lazarus hacking group is likely responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global SWIFT messaging system.
“The likely culprit is Lazarus,” BAE cyber-intelligence chief Adrian Nish told Reuters by telephone.
The British firm has previously linked Lazarus to last year’s $81 million cyber heist at Bangladesh’s central bank, as have other cyber firms including Russia’s Kaspersky Lab and California-based Symantec Corp.
BAE’s claim that Lazarus is likely responsible for the hack on Taiwan’s Far Eastern International Bank demonstrates that North Korea continues to seek to generate cash through hacking.
Nish said he expects the group to continue to target banks.
“They are not just going to go away. They’ve built the tools. They are going to keep going back,” he said.
Still, he noted that the group appears to have had difficulty in pulling funds out of the banking system, after the massive Bangladesh heist, which prompted SWIFT and banks to boost security controls.
Taiwan’s Central News Agency reported last week that while hackers sought to steal some $60 million from Far Eastern Bank, all but $500,000 had been recovered by the bank.
BAE previously disclosed that Lazarus attempted to steal money from banks in Mexico and Poland, though there is no evidence the effort succeeded.
A security executive with SWIFT, a Belgium-based co-operative owned by banks, last week told Reuters that hackers have continued to target the message system this year, though many attempts have been thwarted by the new security controls.
SWIFT declined comment on the findings, which BAE detailed in a report on its website: https://baesystemsai.blogspot.ca/2017/10/taiwan-heist-lazarus-tools.html
The report provides technical details on malware samples that BAE believes were likely used to target the Taiwan bank.
(This version of the story was refiled to correct link to BAE website metadata in penultimate paragraph)
(Reporting by Jim Finkle in Toronto; Editing by James Dalgleish)