Russian hackers are likely behind the cyber attacks in May on three private banks in Bangladesh, according to an international vendor specialized in cyber security.
In a report published on Wednesday (Jul 3), Singapore-based Group-IB said that the small Russian group styled ‘Silence’ is most likely behind the over $ 2 million hit on Dutch Bangla Bank Limited (DBBL), Prime Bank and NCC Bank.
The group reportedly softened up the access controls of Dutch Bangla Bank paving the way for money mules to make cash withdrawals from the ATM booths, it said.
DBBL is the only one amongst the three banks to record any kind of financial losses while Prime and NCC claimed that they thwarted the attacks.
The bank apparently became aware of the heist when Visa payment solution provider asked them to settle transactions clients made in Cyprus.
On May 31, a CCTV camera in a Dutch Bangla ATM booth showed a Ukranian national collecting money by just inserting a card.
The money mule spoke on the phone before each withdrawal which indicates that a remote operator was controlling the machine, Group-IB said.
Police later arrested him along with five others in connection to the heist and learnt that they stole around $19,000 with the same routine.
‘Silence’ came into the limelight back in September last year, when Group-IB published a report detailing resources and tactics of the group.
They've been operating since at least 2016 when they attempted to steal money through the Russian Central Bank's Automated Workstation Client.
The security company believes that the group has a core of two Russian-speaking individuals that are familiar with legitimate, whitehat security activities.
The three banks suffered cyber attacks in May triggering concerns over security systems against a growing threat of scammers.
Of the three, Dutch Bangla Bank Limited (DBBL) was the biggest victim, according to reports by Dhaka-based media.
NCC Bank and Prime Bank, who also faced attacks, claimed they were able to avert financial losses.
These were the biggest cyber attacks after hackers made off with $81 million from Bangladesh Bank’s account with the Federal Reserve Bank in New York in 2016.
“DBBL and Prime Bank authorities informed us (Bangladesh Bank), on May 5, about the heist reportedly originating from Cyprus, Russia, and Ukraine,” said a top Bangladesh Bank official, who asked not to be named, told an English national last month
In the case of DBBL, cyber criminals stole around $1.4 million in the beginning of May from teller machines in those countries using cloned credit cards, and personal identification numbers (PINs) of DBBL clients.
The DBBL came to know about it when Visa, a global payment solution provider, asked it to settle payments for transactions made by the bank’s “clients” in Cyprus.
No comments were available from DBBL Managing Director Abul Kashem Md Shirin despite repeated attempts then.
In the similar process, hackers stole around $400,000 from an ATM in Cyprus using Prime Bank's cloned card.
The bank, however, denies it. "We did not face any hacking attempts," its Managing Director Rahel Ahmed told the media last month.
An official of NCC Bank, who asked not to be named, confirmed that they have also faced cyber attacks, but avoided any financial loss.
Following the reports filed by DBBL and Prime Bank, the Bangladesh Bank held a meeting on May 5 with the IT chiefs as well as heads of retail banking, and card divisions of the two banks.
Around two weeks later, on Jun 1, as many as nine ATM booths of DBBL in Dhaka were targeted in digital frauds using cloned cards, when around Tk 1.6 million was stolen.
Police later arrested six Ukranian nationals in connection with the incident.
All private banks, especially those who deal with international credit and debit cards, have been issued notices to keep vigilant regarding foreign nationals, and people with suspicious behaviour while stepping into ATM booths.
According to a recent study by the Bangladesh Institute of Bank Management, around 50% of the local banks are in risk of cyber attacks threats as they still lack technologies like managed switch, next generation firewalls and email gateways — vital for ensuring network security in banks.
Also read
Cyber attackers steals millions from three local banks
