NCC Bank
| Primary URL | Location | Industry |
|---|---|---|
| www[.]nccbank[.]com[.]bd | Country: Bangladesh | Financial Services |
Profile
NCC Bank, headquartered in Bangladesh, is a financial institution operating within the country's banking sector. It is publicly known chiefly as one of multiple Bangladeshi banks targeted in a significant cyberheist during early May 2019. In this coordinated attack, threat actors compromised banking systems to remotely command ATMs to dispense cash, resulting in the theft of at least three million US dollars. The bank suffered direct financial losses from this fraudulent ATM transaction scheme, which relied on malware deployed within its network. The attack methodology indicated a prolonged and stealthy network compromise before the cash theft was executed, which allowed the attackers to establish persistent access and communicate with their command-and-control infrastructure. The event made NCC Bank a victim of an international, financially motivated cybercriminal operation that crossed national boundaries and used Ukrainian money mules to physically collect the stolen currency from manipulated ATMs across Bangladesh.
The incident is attributed to the Silence group, a threat actor with Russian-speaking operatives previously known for targeting financial entities in Russia and the Commonwealth of Independent States. Their use of specialized malware families, including Silence.Downloader and Silence.ProxyBot, demonstrates a capability for developing tools to infiltrate banking systems and maintain covert communication channels. The successful theft from NCC Bank and other institutions marked a strategic expansion for the group into the Bangladeshi financial market, highlighting a broader trend of such actors seeking targets in new geographic regions. The subsequent arrest of the money mules provided law enforcement with a tangible link in the fraud chain, though the core technical compromise of the bank's systems remained a critical aspect of the case. This event serves as a documented example of the persistent threat posed by sophisticated cybercriminal groups to the banking sector in emerging markets, where such attacks can result in immediate, tangible financial losses through direct manipulation of physical cash infrastructure. The bank's experience underscores the sector's vulnerability to attacks that blend digital intrusion with physical cash-out mechanisms executed by recruited agents.
