Vietnam’s Tien Phong Bank has thwarted a cyberheist involving fraudulent SWIFT messages, the same technique used in the February theft from the Bangladesh central bank.

TPBank said Sunday that in the fourth quarter of last year, it identified suspicious requests to transfer more than 1 million euros ($1.1 million) of funds using the SWIFT global interbank messaging service.

SWIFT had reported last week that an unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank in which thieves tried to transfer nearly $1 billion. Most of the requests were blocked but $81 million was stolen.

The attacks “sparked concerns that hackers had found ways into the messaging system banks rely on to move money securely around the world,” The Wall Street Journal said.

The Vietnamese bank said it caught the attempted hack quickly enough to halt any illicit movement of funds.

The attack “did not cause any losses,” the bank told Reuters. “It had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general.”

The transfer requests were apparently made through the infrastructure of an outside vendor hired to connect TPBank to SWIFT. The bank said it has since discontinued working with that vendor and switched to using a new system that offers a higher level of security and enables it to connect directly with SWIFT.

In the Bangladesh Bank attack, the thieves requested funds from the bank’s account at the New York Federal Reserve. Cybersecurity company BAE Systems has said the attackers modified the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, so they could make the fraudulent cash transfers and hide the evidence.

SWIFT sent a warning to all of its customers on May 13 about malware used in schemes involving fraudulent transfers over its network. It said it was aware of a “small number” of cases of fraud at its customers.

, , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *