On Tuesday, American cyber security giant Symantec reported that a second hacker group, dubbed Odinaff, was likely to perpetrate SWIFT attacks against financial institutions, mirroring the heist that occurred earlier this year, in February, at the Bangladesh Bank.
The American company reported that Odinaff infected 10 to 20 of Symantec’s regular clients with malware that can mask counterfeit SWIFT transfer requests, a capability that could be exploited to steal large amounts of funds.
The Society for Worldwide Interbank Financial Communications (SWIFT) is a cooperative institution that allows banks to conduct money transfers in a safe environment the organization provides. Most international banks (and any bank that makes overseas transactions) currently use those types of wire transfers through the SWIFT network.
Symantec says Odinaff and Carbanak are working together
Symantec said most of Odinaff’s attacks had occurred in the United States, the United Kingdom, Australia, Ukraine and Hong Kong. It also linked the hacker group to another faction known as Carbanak, which also focuses on exploiting finance systems. Both have used similar IP addresses and hacking tactics in the past to break into financial servers.
Carbanak has been active since 2014. Its operations include stealing not only from banks but also from individual merchants’ point-of-sale systems, devices found today in any store throughout the world.
Many hacking exploits conducted through fraudulent SWIFT operations have been plaguing the net over the past few years. Symantec’s research has helped shed some light on many of them.
Natasha de Terán, a SWIFT spokesperson, said the network issued a warning concerning Odinaff’s activities to all members last summer. The notice included a description of the hackers’ past illicit operations and security indicators to help counter potential threats.
Carbanak’s previous illegal operations
Russian cyber security company Kaspersky first claimed to have discovered Carbanak in 2015. One of the group’s most recent attacks is the one perpetrated against the Oracle MICROS sales platform last August.
The security breach affected a significant number of point-of-sale terminals, compromising the credit and debit card transactions of many businesses around the world.
Brian Krebs first broke the news, and Oracle managed to name the culprits by tracing their malicious access. The scope of the hack was never fully determined.