Investigators linked the Russian cyber gang Dridex with a string of twelve bank robberies. The robberies have occurred mainly in Southeastern Asia, culminating in the theft of $81 million from Bangladesh’s central bank. Dridex, which operates in Russia and former Soviet satellite states, including Moldova and Kazakhstan, was identified by its unique malware, which bears the gang’s name. North Korea is also suspected in the Bangladeshi robbery, since code was found resembling that used in the 2014 Sony Pictures hack. However, this may not be the case: malware from both parties may have been sold to a third party on the black market, making the investigation more difficult. The criminals have been exploiting weaknesses in banks for some time. A few examples are the attempt to steal $1 billion from Bangladesh’s central bank in February, the theft of $12 million from an Ecuadorian lender in January of 2015 and the attempted theft from a Vietnamese bank late in 2015. They manage to get access by using bank codes to connect to the Swift global payment network and request that funds be sent elsewhere. The Dridex malware first popped up in 2014. It accesses computers through email and harvests personal information used to infiltrate networks, making it a major threat in cybersecurity.
Surprisingly, Dridex is run like a company. According to the security firm Symantec Corp, it keeps a Monday to Friday schedule with vacation days. In the Bangladesh robbery, the Federal Reserve Bank of New York was the target of false Swift messages, which led it to wire money held for Bangladesh to the hackers’ accounts in the Philippines. Posing as bank officials, the attackers sent a message that deployed malware targeting the PDF reader used to view the bank statements.