A few months after hackers broke into Bangladesh's central bank and came close to getting away with $1 billion, researchers have uncovered evidence that a separate hacking group is targeting the same payment network.
The researchers, from security firm Symantec, said in a blog post published Tuesday that they recently found new tools that target users of SWIFT, a payment network banks use to transfer payments that are sometimes in the range of hundreds of millions of dollars. The malicious tools monitor Swift messages sent to infected computers for International Bank Account Numbers or other keywords relating to specific transactions. When the tools encounter a message that contains a targeted text string, they use a "suppressor" component to move it out of the local file system to prevent it from being seen or recovered by the intended recipient.
"One of the files found along with the suppressor was a small disk wiper, which overwrites the first 512 bytes of the hard drive," Symantec researchers wrote. "The area contains the Master Boot Record (MBR) which is required for the drive to be accessible without special tools. We believe this tool is used to cover the attackers' tracks when they abandon the system and/or to thwart investigators."