Cyber Incident Victim: NIC Asia Bank
Date: Nov 2017
Location: Nepal
Summary
NIC Asia Bank experienced a cyberattack targeting its SWIFT server during a festival period, resulting in unauthorized payment orders totaling approximately Rs 460 million to recipients in six countries via intermediary banks. Following the incident, the bank engaged forensic investigators and collaborated with the central bank and law enforcement, recovering Rs 400 million while Rs 60 million remained unrecovered. An internal probe revealed that staff assigned to SWIFT operations had misused a dedicated system computer for non-work purposes, leading to the reassignment of six employees. The Central Investigation Bureau initiated an inquiry to determine security lapses and potential involvement of external or internal actors.
Description
The NIC Asia Bank cyber incident occurred during the Tihar festival period in late 2017, when attackers compromised the bank's SWIFT server infrastructure to initiate unauthorized international fund transfers. The hackers routed payment orders totaling approximately Rs 460 million (NPR) through NIC Asia's correspondent banks—Standard Chartered New York and Mashreq Bank New York—directing funds to recipients in six countries including Japan, the United Kingdom, the United States, and Singapore. The bank detected these suspicious transactions through its SWIFT monitoring systems and immediately notified Nepal Rastra Bank (NRB), the central banking authority. Through coordinated efforts with NRB and correspondent banks, NIC Asia successfully froze approximately Rs 400 million of the unauthorized transfers, though Rs 60 million had already been disbursed to beneficiaries before the intervention could be completed.

Following the initial containment, NIC Asia engaged KPMG India to conduct a forensic investigation, the findings of which were shared with both NRB and Nepal's Central Investigation Bureau (CIB). A parallel NRB investigation revealed critical security lapses, specifically that bank staff responsible for SWIFT operations had used dedicated SWIFT terminal computers for unauthorized purposes, violating operational protocols. This discovery prompted NIC Asia to transfer all six employees associated with SWIFT operations to other departments. While the KPMG forensic report informed subsequent actions, the bank's delayed engagement of law enforcement and inconclusive initial findings raised questions about potential insider involvement versus international threat actors. The CIB assumed formal investigative responsibility to determine breach methodology and evaluate security controls, collaborating with NRB and bank officials throughout the process. Financial impacts were partially mitigated through the recovery of most stolen funds, though Rs 60 million remained unrecovered as of the latest reported updates.
