A team of cyber criminals has breached and mapped the global banking system, and in a series of attacks has so far stolen $81 million from the central bank of Bangladesh. Authorities believe the attacks were carried out using fraudulent messages on a money transfer network connected to the banking system.
Investigations into the ongoing attacks are still under way, and similar attacks on other banks are still being uncovered. Some experts attribute the attack to hackers from North Korea, since the tools used share commonalities with the November 2014 hack of Sony Pictures Entertainment.
According to an insider with direct knowledge of the recent attacks, however, the operation behind the digital bank robberies is much larger. The insider asked to remain anonymous because of security concerns, and was able to provide evidence to support his claims.
Chinese state hackers identified the initial vulnerability and used it to infiltrate and infect the global financial system, according to the insider. When their contract with the Chinese regime ended last year, they sold the vulnerability to cybercrime groups on a private marketplace on the darknet in an effort to avoid detection, he said. The darknet is an alternate internet accessible only with specialized software. While the darknet has legitimate uses, criminal groups buy, sell, and conspire on darknet forums.
The Chinese regime operates a large network of hackers under the General Staff Department, Third Department, of its military. These hackers carry out orders from the Chinese regime, and also often perform additional operations or sell information on the side for personal financial gain. FLI exposed this system in an earlier investigative report.
The cybercrime groups that bought the vulnerability are apparently the ones carrying out the current attacks and illegal money transfers.
“The Chinese have already gained permanent access to the target financial networks and exfiltrated all the data they wanted for the contract for their sponsor,” the insider stated. “Now they have this vulnerability, they can continue to monetize, so now they’re selling it to criminal networks.”
Method of the Breach
The code used to exploit the vulnerability was pulled from multiple sources, which could also mean that researchers looking only at the surface of the breach may draw false conclusions. He said some of the code was created in-house by the Chinese hackers, but they also bought some of the code from Russian universities.
The insider said the Chinese hackers did not sell the vulnerability to any single cybercrime group either. “They’ll sell one bank to one group,” he said, and noted that most of the hackers carrying out the current attacks are comparatively low-skilled. “They’re not coders,” he said. “They just know how to release packages and deploy them.”
The insider was able to provide forensic information and screenshots that support the claims. He was also able to provide a list of targeted banks, which he said is growing, and which includes a long list of banks and financial systems connected to a compromised banking partner network, including several in the United States, Latin America, and Asia.
The Chinese state hackers began their attacks on the bank networks as early as 2006, according to the insider, and started uploading malware to the bank networks in 2013.
He said the Chinese hackers also breached a money transfer network run by a Mexico-owned bank based in New Jersey.
“Basically, Mexico’s critical infrastructure is owned by the same APT group,” he said, using APT (advanced persistent threat) to refer to the Chinese state hackers. “They’re in everything down there,” the insider said, referring to the level of access the Chinese state hackers have gained over critical networks in Mexico.
It was not until around June 2015 that the Chinese state hackers sold the vulnerability to cybercrime organizations, which quickly used it to start mapping, testing, and infecting banks and financial systems.
The insider said the hackers exploited a vulnerability in Apache Struts v2, a framework used to develop web applications. It was vulnerable as early as 2006 and was patched in 2013. He also said that after gaining access, the hackers have since moved through numerous additional financial networks they are targeting.
While the Chinese state hackers sold access to the bank networks, the insider said the hackers had been mapping and infecting the global banking system over the last 8 years.
When they chose to sell the vulnerability, they did not give up their access to the networks. By the time they sold it, the insider said, it had already served its purpose. In other words, the Chinese state hackers still have access to the networks, and not just to a few banks, but to most of the global banking system.
The insider speculated that the Chinese state hackers are selling the original vulnerability both for profit and to use the cybercriminal gangs as a deliberate distraction from their higher-level breaches. He added that this could be the early stages of a global banking crisis.
Correction: An earlier version of the story stated that the two screenshots showing code were exploits being run. The code shows the security certificates of the victim Mexico-owned bank’s money transfer network being exfiltrated. Hackers can use the stolen certificate to send communications through the company’s networks, which its recipients would automatically accept as authentic.