FBI experts are probing the possibility that hackers who broke into Bank of Valletta’s systems last February were working for a “black-listed state”, The Sunday Times of Malta has learnt.
Sources said the Malta Security Services and the state IT agency MITA were working with a team from the US Federal Bureau of Investigation after suspicions that the hack could have been part of a string of similar attacks across the world.
Hackers had caused mass panic after they broke into BOV’s IT systems and stole €13 million, causing the bank to temporarily take all its systems offline.
Bank sources told The Sunday Times of Malta the bank has tracked down some €10 million and is in “various stages of recovery”.
“Less than €1 million” would never be returned to the bank as the funds had gone offline and had likely made their way to the hacking group responsible.
The sources said the FBI experts had a number of theories about the source behind the attack.
One suspected group has links to North Korea.
According to a confidential UN security report leaked to the international press last week, North Korea is believed to have generated an estimated €2 billion for its weapons of mass destruction programmes using “widespread and increasingly sophisticated” cyber-attacks to steal from banks and cryptocurrency exchanges.
In the leaked report, UN security experts said they were investigating “at least 35 reported instances of DPRK actors attacking financial institutions, cryptocurrency exchanges and mining activity designed to earn foreign currency” in some 17 countries.
Sources said a review of the BOV breach had already uncovered how hackers could have been attempting to infiltrate as far back as last October.
A source said similar “phishing” – a method used to break into a computer system via electronic communication – had first been detected locally some 10 months ago. This had the same digital fingerprint as the hacking group believed to have carried out the successful heist in February.
The hacking group is also believed to have targeted another Maltese bank; however, its attempts to infiltrate appear to have been unsuccessful.
The hackers were believed to have broken into the Autorité des Marchés Financiers, which regulates the stock exchange in France.
They then sent out e-mails to Maltese and French entities posing as the authority, using an innocent-looking e-mail that included the authority’s official letterheads and a decoy document that, when clicked on, gave the hackers access to the bank’s systems.
The hackers then sought to move hefty sums to international banks in the UK, US, Czech Republic and Hong Kong.
Files were also found hidden in the bank’s systems, which may have been concealed there to allow the hackers to regain access at a later stage.
The hackers used a hacking tool known as PowerShell Empire, which let them move around in the bank’s systems after gaining access.