Cybersecurity firm Symantec his found evidence that the recent string of digital attacks on Asian banks is linked to North Korea, corroborating a previous study that the isolationist country played a role in the hacks. But Symantec found one other detail—the attacks could be traced as far back as October 2015, two months prior to the earliest known incident.
In March, hackers stole $81 million from Bangladesh’s central bank, while another attack was aimed at a Vietnamese bank earlier this month. Both banks are in the SWIFT network, a consortium of financial institutions worldwide that runs money transfers. Symantec noted that distinctive malware used in the hacks had strong commonalities with the 2014 Sony Picture breaches—a hack the FBI claims was set up by North Korea. The findings back up a prior study by BAE Systems, a British defense company.
Symantec also traced the unique code back to October, when it was apparently linked to an unnamed Filipino bank. But the country’s central bank deputy governor, Nestor Espenilla, told Reuters that no bank had reported lost money to hackers in the Philippines, though he didn’t rule out the possibility.
SWIFT also called for its banks to be more forthcoming about cyberattacks, after it was discovered that several institutions, including Wells Fargo (WFC) and Citibank (C), did not inform the network of hacks from last year.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” Symantec wrote in a blog post. “While awareness of the threat posed by the group has now been raised, its initial success may prompt other attack groups to launch similar attacks. Banks and other financial institutions should remain vigilant.”
Lazarus, the name of the infamous hacking group that the FBI linked to North Korea in 2014, has also been tied to a string of aggressive attacks as early as 2009. The attacks have largely been focused on the U.S. and South Korea, Symantec wrote.