On February 13, 2019, as shoppers were making last-minute Valentine’s Day purchases, the country was about to be plunged into chaos as all of Bank of Valletta’s services suddenly and inexplicably went dark.
The first alarm was raised by businesses, which reported that card machines were not working and pleaded for patience.
However, shoppers ended up abandoning their carts and baskets as attempts to withdraw money from ATMs were also unsuccessful and even the bank’s website and mobile app were taken offline.
Within days, we learned how hackers managed to gain access to the bank’s internal systems through a phishing e-mail and initially made off with €13 million.
In 2021, Nigerian influencer Ramon Abbas, known as Hushpuppi, and co-conspirator Ghaleb Alaumary were each sentenced to 11 years in prison after admitting to money laundering charges.
But the latest episode of the BBC true crime podcast The Lazarus Heist suggests that Alaumary and Abbas may have been conspiring with the Lazarus Group, a cybercrime collective of mostly anonymous individuals with strong ties to the North Korean government.
The podcast, which is now in its second season, reports primarily on the group’s cybercrime, which it attributes to an effort by the North Korean state to draw in funds for its nuclear programme as it remains plagued by international sanctions and isolated from the global community. North Korea has consistently denied these allegations.
The Lazarus Group has been linked to the 2014 Sony Pictures hack, a 2016 cyberheist on Bangladesh Bank and the WannaCry ransomware attack in 2017, among others.
The BBC reporters said it was most likely Lazarus that gained access to BOV’s networks and that on this occasion they had switched tactics from their usual ATM jackpotting.
Swift messaging system targeted
To pull off the heist, the hackers targeted the Swift messaging system, which would allow them to send money to bank accounts that they control right under BOV’s nose.
The podcast revealed that the hackers had managed to siphon money from the bank on the day prior to the cyberattack being discovered and that they had intended to come back for more on day two.
To pull it off, the hackers would need outside help to launder the money in such a way that the Swift transactions could not be tracked and reversed by investigators.
This is where Alaumary was approached by the hackers and he, in turn, brought in Abbas to provide more drop accounts – bank accounts set up under false pretences through which the stolen money is briefly transferred, and through which Abbas would later be tasked with laundering it.
It is most likely that Alaumary and Abbas were only acquaintances on the dark web and had never met in real life, the reporters said.
The Lazarus Group had told Alaumary that they needed enough accounts to launder €5 million each without raising suspicions. Abbas had initially provided Alaumary with one Romanian drop account but was slow to deliver when Alaumary asked him for more. Abbas later came through at the last minute, giving Alaumary access to another account in Bulgaria, the reporters said.
After Alaumary and Abbas were arrested in the US and their identities and criminal backgrounds exposed, the US authorities also indicted three members of a North Korean intelligence agency, Jin Hyok, Jon Chang Hyok and Kim Il, for having participated in Lazarus hacking campaigns.
Times of Malta reported in 2019 how the FBI had been monitoring Malta for possible North Korean hacking attempts in the months prior to the BOV attack.
A leaked report from the UN Security Council North Korea sanctions committee also listed Malta as having been one of 17 countries targeted by the blacklisted state in a cyberattack.
Abbas, who was a well-known influencer with millions of followers, had for years flaunted a life of opulence and luxury on Instagram, frequently posting pictures of himself holidaying in lush resorts, jet-setting on a private jet decked in designer wear and going on extravagant shopping sprees, emerging from department stores holding bag after bag of Gucci, Louis Vuitton, Versace, Dolce and Gabbana and Christian Louboutin.
But his life of Instagram luxury was about to come crashing down in 2020, when Dubai police raided his apartment at the Palazzo Versace hotel.
The raid, dubbed Operation Fox Hunt 2, saw police seize more than $40 million in cash, as well as 13 luxury cars, 21 computers, 47 smartphones, 15 memory sticks, five hard disks containing 119,580 fraud files, and the addresses of 1.9 million victims.
The Dubai police later released a high-octane video production of the arrest, complete with graphics and dramatic recreations of portions of the raid.
Abbas admitted to the charges of money laundering brought against him and was sentenced to 11 years in prison last year.
Alaumary, a dual Canadian and American citizen, also pleaded guilty to the charges and was condemned to an 11-year prison sentence in 2021.