The group, dubbed Odinaff, is reportedly robbing banks using fraudulent messages.
Hackers have reportedly infected as many as 20 organizations with malware in an attempt to take down the global financial system.
According to Symantec, the group—dubbed Odinaff—is robbing banks using fraudulent SWIFT (Society for Worldwide Interbank Financial Telecommunication) messages.
SWIFT is used for a majority of international interbank communication, and enables global financial institutions to send and receive information about transactions in a secure, standardized environment.
Attackers, however, have repeatedly overcome local security measures to enter the SWIFT system, generate money orders from various banks, and send millions to fraudulent accounts.
“Since January, discreet campaigns involving malware called Trojan.Odinaff have targeted financial organizations worldwide,” Symantec Security Response wrote in a blog post.
The attacks appear to focus on organizations in the banking, securities, trading, and payroll sectors, as well as companies providing support services, and most frequently target the US, Hong Kong, Australia, the UK, and Ukraine.
Symantec noted a potential connection to Carbanak, a sophisticated hacker who has plagued the financial industry since at least 2013. “Although difficult to perform, these kinds of attacks on banks can be highly lucrative,” the blog said. “Estimates of total losses to Carbanak-linked attacks range from tens of millions to hundreds of millions of dollars.”
As Reuters points out, the hacking of SWIFT messages is the same approach that generated $81 million in a February attack on Bangladesh’s central bank. No additional victims have been identified.
SWIFT declined to comment on the Odinaff group directly.
But a spokesman told PCMag that the cooperative’s customer security intelligence team warned members about the hackers’ activities over the summer.
“This work forms part of SWIFT’s information sharing initiative which has grown significantly since its launch, and which includes detailed intelligence and analysis on the modus operandi of attackers in customer fraud cases,” the statement said.
Editor’s Note: This story was updated at 9 a.m. ET with comment from SWIFT.