Banco de Chile, the second-largest bank in the country, released a public statement confirming a major malware attack that breached its computer systems on May 24, shutting down bank operations. The hackers used disk-wiping malware to cause the outage and distract attention from their original target: the SWIFT money transfer system.
Although bank operations were cancelled, internet portals, mobile applications and ATMs were not affected and remained secure to use. Some 9,000 terminals and 500 servers across multiple branches were compromised by the malware.
According to the bank’s CEO Eduardo Ebensperger, $10 million was stolen and linked to accounts based in Hong Kong.
“We found some strange transactions on the Swift system, and that’s when we realized that the virus wasn’t all of it, but fraud was being attempted,” he confirmed in an interview last week (translation).
Analyzing images posted by bank employees, Bleeping Computer deduced the malware “was affecting hard drives’ Master Boot Records (MBRs) a-la NotPetya.” It was identified as possibly being KillMBR, malware that was specifically used in attacks meant to destroy data in financial institutions.
Financial institutions remain a top target for hackers in 2018. In 2015 and 2016, millions of dollars were stolen by hackers who manipulated the SWIFT banking network. Known as Lazarus Group, they have been directly associated with North Korea and are responsible for cyberattacks on 12 banks in Southeast Asia and on Sony Pictures Entertainment.