Cyber Incident Victim: City Union Bank
Date:
Feb 2018
Location:
India
Summary
City Union Bank experienced a cyber attack involving unauthorized SWIFT transfers totaling nearly $2 million, with funds routed to accounts in Dubai, Turkey, and China. The bank blocked one $500,000 transfer to Dubai, while a Turkish lender prevented a €300,000 transaction; a third $1 million transfer to China was not recovered. The CEO attributed the incident to international cyber criminals and indicated potential collusion by account holders, though no internal staff involvement was initially suspected. The bank collaborated with authorities across affected jurisdictions to investigate and enhanced its internal monitoring systems in response. This incident occurred amid heightened scrutiny of SWIFT security following prior global banking breaches.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
In February 2018, India's City Union Bank disclosed a cyber attack involving unauthorized transfers through the SWIFT financial messaging system. The bank detected three fraudulent remittances totaling nearly $2 million, sent via correspondent banks to accounts in Dubai, Turkey, and China. CEO N. Kamakodi characterized the incident as a "conspiracy" orchestrated by "international cyber criminals" spanning multiple jurisdictions. The bank blocked a $500,000 transfer destined for Dubai through Standard Chartered Bank in New York. A second transfer of 300,000 euros ($372,150) routed via Standard Chartered in Frankfurt to Turkey was halted by the Turkish recipient bank before completion. The third transfer, amounting to $1 million, proceeded through Bank of America in New York to Zhejiang Rural Credit Cooperative Union in Hangzhou, China. Kamakodi stated investigators found no evidence implicating internal bank staff but confirmed account holders participated in the scheme. The breach occurred amid heightened scrutiny of Indian banking security following Punjab National Bank's unrelated $1.7 billion fraud disclosure days earlier, though City Union emphasized its case involved external cyber criminals rather than employee collusion.
City Union Bank initiated investigations with Indian authorities and engaged counterparties in affected countries to trace the attack's origins. The bank strengthened its internal monitoring systems in response, though technical specifics of the breach remained undisclosed. SWIFT had previously urged banks to enhance security after the 2016 Bangladesh Bank heist, which exploited central bank systems to steal $81 million. Banking experts cited in the report noted over 100 Indian financial institutions used SWIFT, necessitating increased vigilance. The incident highlighted persistent vulnerabilities in global interbank messaging networks, with attackers targeting correspondent banking relationships to move illicit funds. City Union's containment efforts recovered $872,150 through blocked transfers, leaving approximately $1 million unrecovered from the China-bound transaction. No customer data compromise or additional fraudulent transactions beyond the three remittances were reported. The bank continued collaborating with law enforcement agencies across involved jurisdictions to pursue legal recourse against the perpetrators.