Another group of hackers is attacking Swift organisations, cyber security researchers at Symantec have warned.

The firm’s experts detected the Odinaff malware, which is capable of deleting the financial messaging system’s customer logs, on 20 companies’ networks.

The variant has been used in attacks since January 2016, they said, often targeting financial organisations or computers running financial software applications.

The malware, which is often delivered via macros in a malicious Word document, provides a backdoor that enables the hackers to carry out more sophisticated attacks.

Once Odinaff is installed on a system, the cyber criminals are able to deploy other tools to explore their victims’ networks and identify key computers.

“Symantec has found evidence that the Odinaff group has mounted attacks on Swift users, using malware to hide customers’ own records of Swift messages relating to fraudulent transactions,” Symantec said in a blog post.

“The tools used are designed to monitor customers’ local message logs for keywords relating to certain transactions. They will then move these logs out of customers’ local Swift software environment. We have no indication that Swift network was itself compromised.”

To cover their tracks after an attack, the hackers were seen to wipe the infected hard drive’s master boost record, rendering it inaccessible without special tools.

Symantec said there were “no apparent links” between Odinaff’s attacks and the previous Swift-related malware attacks attributed to Lazarus.

However, it said they “share some links” to the Carbanak group, including three command and control IP addresses and the use of Backdoor.Batel.

“While it is possible that Odinaff is part of the wider organisation, the infrastructure crossover is atypical, meaning it could also be a similar or co-operating group,” it said.

The researchers said the discovery was another sign that cyber criminals are investing time to develop “a deep understanding” of banks’ internal financial systems.

“These attacks on Swift are like old-school bank robberies for a digital age,” said Kevin Bocek, chief cyber security strategist at Venafi, commenting on the discovery of the new campaign. “The hackers are taking money right from the bank’s safe.

“This is a shift from previous attacks that have been more focused on stealing from banking customers. After the success of the first Swift hack, it’s unsurprising to see the headlines doing the rounds again and I’d be shocked if this is the last we see of it.”

You may also like...

Keep Up To Date - Subscribe To Our Email Newsletter Today

Get the latest industry news direct to your inbox on all your devices.

We may use your information to send you details about goods and services which we feel may be of interest to you. We will process your data in accordance with our Privacy Policy as displayed on our parent website