May 16, 2016

Sony Breach from 2014 Linked to Bangladesh Bank Cyber Heist


Investigators looking into the Bangladesh Bank cyber heist have revealed that a specific piece of malware discovered in the attack has the “same unique characteristics” as malware found in the infamous Sony studios breach from 2014.

Security firm BAE Systems has published its analysis of the malware used in the $81 million cyber heist of Bangladesh Bank’s NY Fed Reserve account. The malware showed links to the same malware and tools used in the 2013 attack on Sony Pictures.

The common link between the two attacks was a file-deletion function with a wipe-out capability in a file called msoutc.exe, which researchers stated contained features identical to those of the malware used in the Sony breach.

The researchers stated:

The implementation of this function is very unique. It involves complete filling of the file with random data to occupy all associated disk sectors, before the file is deleted.

“The file-delete function itself is also unique. The file is first renamed into a temporary file with a random name, and that temporary file is also deleted,” researchers noted.
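The behaviour quoted above (overwrite the file in place, rename it to a random temporary name, then delete it) is the kind of sequence an endpoint file-activity feed can surface. The following is an added example, not code from the article or from BAE Systems: a small heuristic that looks for that write, rename-to-random-name, delete chain by one process within a short window. The pipe-delimited event format (`ts|pid|action|path|new_path`) and the sample events are constructed for this example and do not correspond to any particular product’s log schema.

```python
"""Heuristic for the overwrite -> rename -> delete pattern over constructed
file-activity events.

Added example; not code from the article or from BAE Systems. The event
format (ts|pid|action|path|new_path) is an assumption made for this example.
"""
import math
from collections import Counter, defaultdict
from dataclasses import dataclass

WINDOW_SECONDS = 5.0  # assumption: the whole sequence happens within a few seconds

# Constructed sample events (timestamps are seconds; every path is made up).
SAMPLE_EVENTS = [
    # Benign editor behaviour: write a temp file, then rename it to a sensible name.
    "1000.0|4242|WRITE|C:\\Users\\a\\report.docx.tmp|",
    "1000.5|4242|RENAME|C:\\Users\\a\\report.docx.tmp|C:\\Users\\a\\report.docx",
    # Suspicious sequence: overwrite, rename to a random-looking name, delete at once.
    "2000.0|1337|WRITE|C:\\data\\ledger.db|",
    "2000.1|1337|RENAME|C:\\data\\ledger.db|C:\\data\\q8z1kx0w.fj3",
    "2000.2|1337|DELETE|C:\\data\\q8z1kx0w.fj3|",
    # The same process deletes a file it never overwrote: not the pattern, not flagged.
    "2010.0|1337|DELETE|C:\\data\\cache.bin|",
]


@dataclass(frozen=True)
class Event:
    ts: float
    pid: int
    action: str    # WRITE, RENAME or DELETE
    path: str
    new_path: str  # only meaningful for RENAME


def parse_event(line: str) -> Event:
    """Parse one pipe-delimited event line into an Event."""
    ts, pid, action, path, new_path = line.split("|")
    return Event(float(ts), int(pid), action.strip().upper(), path, new_path)


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def looks_random(filename: str) -> bool:
    """True when the file stem mixes letters and digits with high entropy.

    A crude stand-in for "random temporary name": long enough, alphanumeric
    mix, and no low-entropy repetition. Real names like 'report' fail the
    digit test; 'q8z1kx0w' passes.
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    return (len(stem) >= 6
            and any(ch.isdigit() for ch in stem)
            and any(ch.isalpha() for ch in stem)
            and shannon_entropy(stem) >= 2.5)


def detect_wipe_sequences(lines, window: float = WINDOW_SECONDS):
    """Return (pid, original_path) for each write -> random rename -> delete chain.

    State is tracked per process: a WRITE arms the path, a RENAME to a
    random-looking name carries the arm over to the new path, and a DELETE of
    that new path within the window produces a hit.
    """
    written = defaultdict(dict)   # pid -> {path: write_ts}
    renamed = defaultdict(dict)   # pid -> {new_path: (orig_path, write_ts)}
    hits = []
    for ev in sorted((parse_event(l) for l in lines), key=lambda e: e.ts):
        if ev.action == "WRITE":
            written[ev.pid][ev.path] = ev.ts
        elif ev.action == "RENAME":
            write_ts = written[ev.pid].pop(ev.path, None)
            if (write_ts is not None and ev.ts - write_ts <= window
                    and looks_random(ev.new_path)):
                renamed[ev.pid][ev.new_path] = (ev.path, write_ts)
        elif ev.action == "DELETE":
            orig = renamed[ev.pid].pop(ev.path, None)
            if orig is not None and ev.ts - orig[1] <= window:
                hits.append((ev.pid, orig[0]))
    return hits


if __name__ == "__main__":
    for pid, path in detect_wipe_sequences(SAMPLE_EVENTS):
        print(f"pid {pid}: overwrite/rename/delete chain on {path}")
```

The random-name test is deliberately simple; in practice it is the combination of the three steps from one process within seconds, not the name alone, that separates this pattern from ordinary editors and installers, which also write and rename temporary files but rarely delete the renamed result immediately.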


Another correlation with the Sony breach was the use of Visual C++ 6.0 to build the malware, together with spelling errors that are evident in both attacks.
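Compiler attribution of the kind mentioned above starts with fields the compiler and linker leave in the binary. As an added example (not code from the article or from BAE Systems), the function below reads the linker version from a PE file’s optional header; it assumes, as is documented for Microsoft Visual C++ 6.0, that its linker stamps `MajorLinkerVersion` 6 and `MinorLinkerVersion` 0. The PE header used as input is constructed by hand inside the block and is not a real binary.

```python
"""Read the linker version from a PE optional header.

Added example; not code from the article or from BAE Systems. Assumes the
Visual C++ 6.0 linker stamps MajorLinkerVersion 6 / MinorLinkerVersion 0.
The PE bytes built below are a constructed test input, not a real sample.
"""
import struct

OPTIONAL_HEADER_SIZE = 224  # standard size of a PE32 optional header


def build_minimal_pe(major: int, minor: int) -> bytes:
    """Construct just enough of a PE image for linker_version() (constructed input)."""
    e_lfanew = 0x40
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)      # e_lfanew -> "PE\0\0"
    # COFF header: Machine (i386), NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, OPTIONAL_HEADER_SIZE, 0x0102)
    # Optional header: Magic (PE32), MajorLinkerVersion, MinorLinkerVersion, zero padding.
    optional = struct.pack("<HBB", 0x10B, major, minor) + b"\x00" * (OPTIONAL_HEADER_SIZE - 4)
    return bytes(dos) + b"PE\x00\x00" + coff + optional


def linker_version(data: bytes):
    """Return (major, minor) from the optional header, or None if data is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    opt = e_lfanew + 4 + 20           # skip the signature and the 20-byte COFF header
    if len(data) < opt + 4:
        return None
    magic, major, minor = struct.unpack_from("<HBB", data, opt)
    if magic not in (0x10B, 0x20B):   # PE32 or PE32+
        return None
    return major, minor


def is_vc6_linked(data: bytes) -> bool:
    """True when the linker version field matches the Visual C++ 6.0 linker (6.0)."""
    return linker_version(data) == (6, 0)


if __name__ == "__main__":
    sample = build_minimal_pe(6, 0)
    print("linker version:", linker_version(sample), "VC6:", is_vc6_linked(sample))
```

The linker version is a hint, not proof: it is a plain header field that packers and deliberate tampering can rewrite, so analysts treat it as one correlating detail among several (code overlap, shared strings, compile timestamps) rather than as attribution on its own.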

The FBI had notably blamed North Korea for the breach affecting Sony, with the country refuting such claims and denying any involvement. Security firm FireEye, which has since been hired by Bangladesh Bank to investigate the breach, has stated that it found evidence that hacking groups from North Korea and Pakistan were involved in the attack.

BAE’s report strongly asserts that its analysis of the malware provides enough evidence to link the same malware author behind the Sony attacks to the recent bank heist, even though the researchers admit that attributing an attack to its source is often an impossible task.

Noting that there are indeed possibilities that may lead to an “alternative hypothesis,” the security researchers further stated that such a possibility is “unlikely.” They add, “we believe that the same coder is central to these attacks.”

In a statement that claims to have made significant inroads into the investigation, the researchers further stated:

Who the coder is, who they work for, and what their motivation is for conducting these attacks cannot be determined from the digital evidence alone. However, this adds a significant lead to the investigation.

Image credit: Pixabay.

About the author


LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
