Vietnamese bank claims it foiled attempted SWIFT hack

Vietnam's Tien Phong Bank said it interrupted an attempted cyber heist that involved the use of fraudulent SWIFT messages, the same technique at the heart of February's massive theft from the Bangladesh central bank.

Hanoi-based TPBank said in the fourth quarter of last year it identified suspicious requests through fraudulent SWIFT messages to transfer more than €1 million (A$1.5 million).

TPBank said it caught the attempt quickly enough to halt movement of funds to criminals by immediately contacting involved parties.

The attack "did not cause any losses. It had no impact on the SWIFT system in particular and the transaction system between the bank and customers in general," the bank's statement said.

The bank said the transfers were made using infrastructure of an outside vendor hired to connect it to the SWIFT bank messaging system. Its statement did not name the service provider, though it said TPBank had discontinued working with that vendor and switched to using a new system that offers a higher level of security and enables it to connect directly with SWIFT.

SWIFT, the backbone of global financial transactions, declined comment on TPBank's claims. Last week it had said a unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank.

TPBank did not immediately respond to requests to elaborate on its statement. Representatives with Vietnam's central bank also did not immediately respond to requests for comment.

It was not immediately clear when SWIFT was made aware of the attempted cyber heist at TPBank and whether it took any action to prevent similar attacks or warned other clients.

In February, in one of the world's biggest ever cyber heists, hackers tried to steal nearly US$1 billion from Bangladesh Bank's account at the New York Federal Reserve using fraudulent transfer messages on the SWIFT system.

Most of the orders were blocked but US$81 million was transferred to bank accounts in the Philippines. The money was moved to casinos and casino agents and most remains missing.

Malware installed

TPBank said the attack might have been facilitated using malware installed on a software application used by the third-party vendor. It noted that SWIFT had recently issued a warning about malware used in schemes involving fraudulent transfers ordered over the SWIFT network.

Late last week the Brussels-based messaging service sent a warning to all of its customers warning that it was aware of a "small number" of cases of fraud at its customers.

It said malware was used to target a PDF reader used by customers to review statements summarising transfers made over SWIFT.

It was not immediately clear whether TPBank's description referred to the PDF malware.

Cyber security firm BAE Systems last week said malware was used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT network. The malware operated in a similar way to that used by hackers in the Bangladesh cyber heist. BAE did not name the Vietnamese bank.

TPBank said the servers of the third-party vendor were based overseas, but did not say where. It said the vendor had used a software application that SWIFT had told the bank may have been subject to the malware assault.

TPBank, founded in 2008 by Vietnam's top technology firm FPT Corp, is considered one of Vietnam's most modern and technologically savvy banks.

After BAE systems said a Vietnamese bank had been targeted, TPBank initially denied it had been subject of an attack, saying it "did not have any problems."