Digital attackers abused the SWIFT system of an Indian bank in an attempt to make off with approximately $2 million in stolen funds.
On 18 February, City Union Bank disclosed the attempted heist in a statement (PDF):
During our reconciliation process on 7th February 2018, it was found that 3 fraudulent transactions were initiated by the cyber criminals gaining access into our system illegally and not initiated from our Bank’s end. We immediately alerted the Correspondent banks to recall the funds. Since our reconciliation system was very tight we could catch the attack in three attempts.
The first fraudulent transaction detected by City Union Bank consisted of USD 500,000 bound for a Dubai-based bank. That remittance never made it to its intended destination. The Bank says it was “blocked immediately,” perhaps by a scanning service which SWIFT launched in March 2016 as part of its new Customer Security Program (CSP) following the $81 million heist at the Bangladesh Bank.
If City Union Bank had indeed enabled SWIFT’s scanner, the feature failed to detect the other two fraudulent transactions before they completed their transfers. Officials blocked a sum of EUR 300,000 after it ended up in a Turkey-based bank account. The Indian Consulate in Instanbul is currently working to help repatriate that amount.
Meanwhile, USD 1,000,000 made its way to a Chinese-based bank, where someone used forged documents to claim the funds. The Consulate General of Shanghai and office of the National Cyber Security Council (PMO) are attempting to recover those moneys.
City Union Bank’s statement says that “international cyber criminals” and not internal staff members were responsible for the fraudulent transactions. It also reveals that the organization’s SWIFT system is now back online after the bank implemented adequate enhanced security measures.
News of this attempted heist followed just two days after unknown criminals exploited the SWIFT network to steal 339.5 million rubles ($6 million) from the Central Bank of Russia in 2017.