FireEye: Hackers Probe Defenses of Middle East Banks

The SWIFT logo is pictured in this photo illustration taken April 26, 2016. REUTERS/Carlo Allegri/Illustration/File Photo

SINGAPORE (Reuters) - Hackers are probing the defenses of banks in the Middle East, targeting employees with infected emails which gather information about the banks’ network and user accounts, FireEye researchers said.

FireEye, a U.S. cybersecurity company investigating the February attack on Bangladesh’s central bank in which hackers stole $81 million, said there was no apparent connection with the heist or related attacks on banks in Ecuador and Vietnam.

The identity of the hackers in all three cases is not known.

Cybersecurity experts say the attackers would have needed to gather knowledge about bank procedures and systems, as well as gain remote access to launch fraudulent transfer requests.

FireEye researchers said in an online post that in early May they had identified “a wave of emails containing malicious attachments being sent to multiple banks in the Middle East.”

The senders appeared to be “performing initial reconnaissance against would-be targets” using techniques the researchers said were not usually seen in such campaigns.

Qatar National Bank, the largest lender in the Middle East and Africa by assets, said last month it was investigating an apparent security breach of data posted online this week that revealed the names and passwords of a large number of customers.

A FireEye spokesman said Qatar National Bank was not one of the “several banks” in the Middle East where researchers had found the malware. He did not identify which banks and which countries were affected.

He said the malware had reported back to the hackers’ servers, indicating at least some of the banks had been infected.

Once opened, the malicious email attachments gather information on the user’s system, including network configuration data, user and administration passwords and software running on the bank’s computers.

The security of banks and SWIFT messaging systems has come under scrutiny in the wake of the Bangladesh Bank attack.