Cyber Incident Victim: Union Bank of India
Date: Jul 2016
Location: India
Summary
Hackers attempted to steal $170 million from the Union Bank of India by infecting the bank's system with malware through a phishing email. The malware allowed the hackers to steal access codes, which they used to authorize cross-border transactions via SWIFT. The attempted theft was detected by an alert employee, and the bank stopped the money from being released. The incident is believed to be linked to the Lazarus Group, a North Korean hacking group.
Description
The Union Bank of India cyber incident was a significant attempted cyber heist in which hackers targeted the bank's systems to steal a large sum of money. The incident began when a bank employee opened a malicious email attachment, which infected the bank's systems with malware. This malware allowed the hackers to steal the bank's access codes, which they then used to authorize cross-border transactions via the SWIFT network.

The hackers attempted to transfer $170 million from the Union Bank of India's New York account to various private accounts in five separate locations. However, the attempted theft was quickly detected by an alert employee in the bank's treasury department, who identified that the six transactions initiated by the hackers had not been authorized by the bank. The bank immediately stopped the money from being released, preventing the hackers from successfully carrying out the heist.
The incident is believed to be linked to the Lazarus Group, a North Korean hacking group that has been responsible for several high-profile cyber attacks in the past. The group is known for its sophisticated hacking techniques and its ability to carry out complex and targeted attacks. In this case, the hackers used code similar to that used in the Bangladesh Bank hack, which was also attributed to the Lazarus Group.
The Union Bank of India incident highlights the ongoing threat posed by cyber attacks to the financial sector. Banks and other financial institutions are increasingly reliant on digital systems and networks, which makes them vulnerable to cyber attacks. The incident also underscores the importance of robust cybersecurity measures and the need for banks to be vigilant in detecting and responding to potential threats.
The use of phishing emails to infect the bank's systems with malware is a common tactic used by hackers. Phishing emails are designed to trick employees into opening attachments or clicking on links that contain malware, which can then spread throughout the network. In this case, the hackers were able to use the malware to gain access to the bank's systems and steal sensitive information, including access codes.
The fact that the hackers were able to use the stolen access codes to authorize cross-border transactions via SWIFT highlights the vulnerabilities in the global financial system. SWIFT is a critical infrastructure that enables banks to communicate and transfer funds securely. However, the incident shows that even with robust security measures in place, hackers can still find ways to exploit vulnerabilities and carry out attacks.
The Union Bank of India incident also raises questions about the role of nation-state actors in cyber attacks. The attribution of the incident to the Lazarus Group, a North Korean hacking group, suggests that nation-state actors are increasingly involved in cyber attacks for financial gain. This trend is concerning, as it highlights the potential for cyber attacks to be used as a tool of statecraft and the need for governments to take action to prevent and respond to such attacks.
The incident also highlights the importance of international cooperation in responding to cyber attacks. The Union Bank of India incident involved multiple countries and required coordination between law enforcement agencies and financial institutions to respond to the attack. The incident shows that cyber attacks can have far-reaching consequences and require a coordinated response to prevent and mitigate the impact of such attacks.
The Union Bank of India cyber incident is a significant reminder of the ongoing threat posed by cyber attacks to the financial sector. The incident highlights the need for banks and other financial institutions to be vigilant in detecting and responding to potential threats and to invest in robust cybersecurity measures to prevent such attacks. The incident also underscores the importance of international cooperation in responding to cyber attacks and the need for governments to take action to prevent and respond to such attacks.
