The FBI had already been monitoring the island for possible North Korean hacking attempts months before the attack on Bank of Valletta earlier this year.

A diplomatic cable sent by the US Justice Department to the Maltese government the day after BOV temporarily went offline last February details how a North Korean group, known as Lazarus, was the most likely culprit.

The five-page cable, seen by Times of Malta, says the US Federal Bureau of Investigation had been alerted to possible North Korean hacking attempts on the island nearly five months before BOV was eventually compromised. 

Other signs of possible North Korean hacking had also been noticed in the weeks prior to the attack on BOV.

Online activity by computers in Malta, the US authorities informed the Maltese government, had suggested that malware linked to North Korean hackers had made its way into the systems of an unnamed Maltese financial institution. Hackers had caused mass panic earlier this year after they posed as the French stock exchange regulator and broke into BOV’s IT systems, getting away with €13 million.

The diplomatic cable was sent to Malta one day after the BOV hack.

Although the authorities have traced most of the stolen funds, sources involved in the investigation said nearly €1 million had gone off the grid and would most likely never be recovered.

The BOV hack hit the headlines again earlier this month after a leaked confidential United Nations report suggested that North Korea had used “widespread and increasingly sophisticated” hacks to collect roughly $2 billion.

Researched by independent experts and presented to the UN Security Council North Korea sanctions committee, the report details how the blacklisted state may have carried out at least 35 hacks in 17 countries, including Malta.

Shortly after the UN report was leaked, The Sunday Times of Malta had reported that FBI experts were involved in probing the BOV hack. Government sources had said the Malta Security Services and the state IT agency, MITA, were working with a team from the FBI.

The same sources have since said the FBI had complained that the Malta police had not been fully cooperative when it came to sharing information related to the case. This, they added, had caused “friction”.

The correspondence between the US authorities and the Maltese government maps out how the FBI have been investigating hacks believed to be linked to North Korea since 2014. 

These investigations had become more proactive after the 2016 cyber heist against the Central Bank of Bangladesh that resulted in the theft of about €70 million and the attempted theft of nearly €1 billion.

Since the Bangladeshi attack, the cable reported, other private and central banks across the globe were identified by the FBI as victims of the same group of likely North Korean origin.

The FBI said that “a number of confirmed victims” in Malta had been flagged after checking their systems for the specific kind of malicious software linked to the North Korean hacker group.

“North Korean hackers use these malware families to move laterally within bank networks,” the FBI cable warned the Maltese authorities.

The correspondence goes on to explain how the hackers would move through banks’ systems internally and eventually target the Society for Worldwide Interbank Financial Telecommunication (Swift) used by the banks to facilitate financial transfers.
