Cyber Incident Victim: Far Eastern International Bank
Date: Oct 2017
Location: Taiwan
Summary
A cyber heist targeting Far Eastern International Bank, attributed to North Korea's Lazarus hacking group, involved attempts to steal funds via the SWIFT messaging system. Hackers sought approximately $60 million, but all except $500,000 was recovered. The incident reflects continued efforts by Lazarus to generate revenue through financial attacks, following previous operations against Bangladesh's central bank and attempted breaches in Mexico and Poland. Security enhancements implemented after the Bangladesh heist reportedly hindered the group's ability to successfully extract funds in subsequent attacks. BAE Systems identified technical evidence linking Lazarus to the Taiwan breach, underscoring the group's persistent targeting of global banking networks despite increased defensive measures.
Description
In October 2017, Taiwan’s Far Eastern International Bank was targeted in a cyber heist involving the SWIFT global messaging system. Cybersecurity firm BAE Systems attributed the attack to the North Korean Lazarus hacking group, citing technical evidence linking malware samples to the group’s known tools. The attackers attempted to steal approximately $60 million through fraudulent SWIFT messages. This incident mirrored Lazarus’s previous operations, including the 2016 theft of $81 million from Bangladesh’s central bank. While the hackers successfully transferred funds, the bank recovered all but $500,000, according to Taiwan’s Central News Agency. BAE’s analysis indicated Lazarus had developed persistent capabilities to target financial systems, though heightened security measures following the Bangladesh heist complicated fund extraction. The attack demonstrated ongoing efforts by North Korean actors to generate revenue through cybercrime. BAE had previously linked Lazarus to attempted heists in Mexico and Poland, though no successful thefts were confirmed in those cases. SWIFT acknowledged continued targeting of its systems in 2017 but noted improved defenses had thwarted many attempts.

The incident prompted Far Eastern International Bank to collaborate with investigators and SWIFT to mitigate the breach. BAE’s report detailed technical indicators of compromise, including malware designed to manipulate SWIFT transactions. SWIFT declined to comment on BAE’s findings but reaffirmed its commitment to enhancing security protocols. The partial success of the heist highlighted both the resilience of post-Bangladesh security upgrades and Lazarus’s adaptability. Financial losses were limited due to rapid recovery efforts, contrasting with earlier, more damaging attacks. The event underscored the persistent threat posed by state-aligned hacking groups to global banking infrastructure. No additional compromises of Far Eastern International Bank were reported following the incident. BAE warned that Lazarus would likely continue targeting banks because of the group’s established tools and methodologies. The heist contributed to broader industry awareness of SWIFT system vulnerabilities and the need for continuous vigilance.
