A Vietnamese Bank has revealed it was targeted by computer criminals in an attempted heist.
On Sunday, the Tien Phong Bank (TPB) told Reuters that it used its own reconciliation system to spot a fraudulent transfer of 1.2 million euros (approximately $1.36 million) bound to a Slovenian bank.
Le Manh Hung, head of the State Bank of Vietnam’s (SBV) Information Technology Department, said the TPB was the only Vietnamese institution targeted in the attack. He also stated that the identity of the Slovenian financial organization is not known.
This particular heist involved the use of fraudulent messages sent via SWIFT, a provider of secure messaging services used by 11,000 organizations in more than 200 countries to complete financial transactions.
SWIFT has denied accusations its software had been compromised following an incident back in February where computer criminals used the banking messaging service to try to steal one billion dollars from the Bangladesh Bank.
Even so, officials at SWIFT acknowledged back in April that computer criminals are using malware to target its client software.
Security researchers at BAE Systems have since linked one particular strain of malware used in the attempted Bangladesh bank heist, known as “evtdiag.exe,” to the 2014 hack of Sony Pictures Entertainment.
After detecting the fraudulent transfer, TPBank did not waste any time, explains Hung.
“TPBank immediately informed SWIFT and its bank partner to immediately stop that 1.2 million-euro transaction so there was no financial loss. [It] also reported to Vietnamese legal authorities, SBV and Interpol to coordinate and hunt down the criminals.”
Hung went on to note that TPBank was targeted in the heist because a third-party vendor it uses to connect to SWIFT was likely infected with malware.
That vendor’s Internet servers are based on Singapore, but the exact identity of the vendor is not known at this time.
Interpol’s investigation of this attempted heist is ongoing.