The recent spate of cyber attacks that has plundered the central bank of Bangladesh and others look less like heists than a blitzkrieg.
Suspected hackers bagged $81 million from Bangladesh’s coffers in February, after attempting to get their hands on nearly $1 billion. (A typo in a money transfer request led the New York Fed to halt 30 suspicious transactions totaling $850 million, and it managed to recover an initially lost $20 million from a Sri Lankan bank.) Cybersecurity experts say the scammers likely have ties to North Korea; if true, this may very well be the first time a country has used code to steal cash from other nations.
Get Data Sheet, Fortune’s technology newsletter.
The attack on the southeast Asian bank—one of the biggest bank robberies of all time—seems to be part of a broader campaign that targeted as many as a dozen banks, mostly in countries with developing economies. Preet Bharara, the attorney general of New York, said that people should be “horrified” about the unprecedented looting. Indeed, these raids expose the chinks in the armor of a global financial system, and the dangers of doing business in a highly connected world economy.
Here’s everything you need to know:
WHO: Experts finger the “Lazarus group,” a shadowy computer-cracking corps linked to North Korea that shocked the world when it supposedly ransacked Sony Pictures in 2014. Cybersecurity researchers at Symantec (SYMC), BAE Systems (BAESY), and elsewhere base their attribution on the idiosyncrasies of the team’s malicious software. They note, however, that the alleged culprit(s) may have simply shared attack code. (Other groups and inside help haven’t been ruled out either.)
WHAT: The cybergang assaulted international banks, tricking them into wiring heaven knows how much cash into a devious money-laundering web that involved a shady Philippine casino network and secret Hong Kong bank accounts. The crew nabbed $81 million from the central bank of Bangladesh and $9 million from a Banco del Austro branch in Ecuador. Tien Phong Bank in Vietnam said it blocked the hackers’ attempt to steal $1 million. Experts say as many as a dozen banks may have been targeted—and potentially more.
For more on cybersecurity, watch this Fortune video:
WHEN: Early 2015 to the present, according to reports. In the Bangladesh case, the hackers set about on a weekend when they knew offices would be closed and staff less likely to catch the digital hijinks. Sneaky.
WHERE: Bangladesh. Vietnam. Ecuador. The attacks targeted many as a dozen banks—many in Asia. The hackers appear to have zeroed in anywhere they believed systems would be less protected. Big firms in the United States and United Kingdom, which have a reputation for having higher security standards, don’t seem to have made the team’s hit list—though mid-market firms may not have been so lucky.
WHY: To rake in that dinero. Indulging in a bit of geopolitical speculation: It’s not hard to imagine why a sanction-stricken, extensively impoverished hermit kingdom may have sought to skim millions from the global financial system. (North Korea is known to have run one of the world’s most successful money counterfeiting rings, by the way. See: “supernotes.”) A motive is not evidence that the country is to blame, of course.
HOW: Using malicious software, stolen credentials, and wily money laundering subterfuge to trick vault operators into wiring millions of dollars through the cross-border transfer system known as SWIFT (the Society for Worldwide Interbank Financial Telecommunication) network, aka the world’s payment plumbing. Beats balaclavas and tommy guns, that’s for sure.
A version of this article appears in the July 1, 2016 issue of Fortune with the headline “Did North Korea Have Hackers Steal Millions From Global Banks?”
