North Korea-linked 'Lazarus' hackers hit a fourth bank in Philippines

Global banking system under attack
Global banking system under attack

Hackers targeting the international financial system have claimed a fourth victim: a bank in the Philippines.

It's now clear the global banking system has been under sustained attack from a sophisticated group -- dubbed "Lazarus" -- that has been linked to North Korea, according to a report from cybersecurity firm Symantec.

In at least four cases, computer hackers have been able to gain a dangerous level of access to SWIFT, the worldwide interbank communication network that settles transactions.

In early February, hackers broke into Bangladesh's central bank and stole $101 million. Their methods appear to have been deployed in similar heists last year targeting commercial banks in Ecuador and Vietnam.

Symantec revealed evidence on Thursday that suggests hackers used the same technique to slip into a bank in the Philippines in October. Symantec (SYMC) did not name the bank.

Hackers infected desktop computers at the bank, said Eric Chien, technical director of Symantec Security Response. But researchers still aren't sure if they succeeded in stealing any money.

Related: Hackers could bring down the banks, warns network boss

Symantec researchers closely examined the computer virus used to attack the bank in Philippines. They found that its complex code shared distinct properties -- like specific instructions written in the same words -- as malicious code used to attack Bangladesh Bank.

These particular computer code weapons have been traced to a group that researchers worldwide have nicknamed "Lazarus."

It's unclear who these attackers are -- but there are clues.

Related: Hackers stole millions in third attack on global banking system

The "Lazarus" group has been linked to a string of attacks on U.S. and South Korean government, finance and media websites since 2009. Cybersecurity firm Novetta carefully documented how "Lazarus" hacked Sony Pictures in 2014, stealing data and destroying computers at the Hollywood movie studio.

The U.S. government has publicly blamed that hack on the government of North Korea.

Symantec is now the second major cybersecurity company to link this string of bank hacks to the infamous Sony hack. Two weeks ago, British defense contractor BAE Systems did the same.

There is now widespread industry concern that it's too easy for hackers to attack the global financial system. This week, SWIFT CEO Gottfried Leibbrandt acknowledged that hackers are in a position to bring down banks.

On Friday, the Brussels-based organization announced new measures designed to help banks keep hackers out of their local computer networks.

SWIFT said that its network and core messaging services have not been compromised by the attacks.

Related: Global bank hackers strike again

A major hack of the banking industry carries potentially disastrous consequences.

Last week, MasterCard CEO Ajay Banga expressed worries about the financial sector's point of weakness: smaller banks.

Major banks spend millions of dollars protecting their computer networks. But all banks are connected to facilitate international trade. That means hackers can simply enter smaller banks to fraudulently pull money out of bigger banks.

That's how these bank hackers drew $101 million out of the Bangladesh Bank's account at the New York Federal Reserve.

"These days, basically every bank in the world is equidistant to the bad guy," said cybersecurity expert Jeremiah Grossman. "The risk of them getting captured is very low, and their reward very high."

Social Surge - What's Trending

Mortgage & Savings


CNNMoney Sponsors