US report says APT38 behind Taiwanese bank NT$1.8 billion cyberheist

Far Eastern International Bank and several others have been named by FireEye as victims of North Korean hacker group APT38's operations

The photo shows FEIB headquarters (Wikimedia Commons photo)

TAIPEI (Taiwan News) - A North Korean hacking group is believed to be responsible for a NT$1.8 billion (US$58.5 million) cyber heist on Taiwan's Far Eastern International Bank (FEIB) in October of 2017, according to a new report issued by U.S. cyber security company FireEye.

Last year, after the cyber heist, Taiwan's Criminal Investigation Bureau discovered five malware files left by the hackers: two ransomware files, bitsran.exe and RSW72CE, and three malware files designed to infiltrate a network, gather information and destroy evidence, namely msmpeng.exe, splwow32.exe, and FileTokenBroker.dll.

FireEye said in the report that a North Korean hacking group dubbed APT38 has been aggressively using destructive malware to render victim networks inoperable following theft. It observed APT38 lurking within a victim network for almost two years.

The company also observed some shared tactics and tools between APT38 and notorious North Korean cyber operations, and the group is thus believed to receive North Korean state sponsorship.

APT38 was said to have conducted penetration operations since 2014 in more than 16 financial organizations, in at least 11 countries, according to the report.

Victims of APT38's operations include Taiwan's Far Eastern International Bank in 2017 and Bangladesh Bank in 2016.

The culprit moved funds from FEIB accounts to multiple overseas beneficiaries.

The bank was fined NT$8 million two months after the incident, for insufficient internal controls.