Bangladesh Bank cyber-heist hackers used custom malware to steal $81 million
Hackers behind the Bangladesh bank heist created malware to compromise the SWIFT financial system. Security researchers said the malware allowed the attackers to modify a database that logs the bank’s activity over the SWIFT network, delete records of outgoing transfer orders, intercept incoming transfer confirmation messages, and manipulate both account balance logs and a printer used to make hard copies of the transfer orders.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) is a cooperative owned by 3,000 financial institutions. SWIFT software is supposed to securely send and receive information about financial transactions; the messaging platform is reportedly used by 11,000 banks worldwide. SWIFT admitted to Reuters that it was aware of malware targeting its client software, “Alliance Access,” which is not used by all 11,000 banks.
The malware that manipulated SWIFT’s Alliance Access was discovered by researchers from BAE Systems. BAE’s head of threat intelligence, Adrian Nish, told Reuters it was the most elaborate scheme from criminal hackers that he had ever seen. Nish stated, “I can't think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile.”