Almost $60 million was stolen from Far Eastern International Bank in Taiwan in a SWIFT malware attack last week, with funds being routed to accounts in Cambodia, Sri Lanka and the United States, Taiwanese state-owned news agency Central News Agency reports.
The bank reportedly detected the suspicious transactions Tuesday and has been able to recover some of the stolen funds with the help of its banking counterparts in other countries, with only $500,000 remaining outstanding. The heist reportedly involved malware being used to generate fraudulent SWIFT money-moving messages.
Some of the stolen funds were routed to Sri Lanka, officials say. “We are looking at some $1.3 million that had come into three accounts in Sri Lanka,” one official involved with the investigation told AFP.
“We have taken two people into custody and we are looking for one more person,” the official added, noting that the country’s Criminal Investigation Department has been working with its police counterparts in Taiwan as part of the investigation.
In the wake of the hack attack, Taiwan Premier William Lai ordered all government agencies to review their information security defenses.
On Friday, Far Eastern International Bank reportedly alerted Taiwan’s Financial Regulatory Commission, based in the capital of Taipei, to the breach and theft.
More than 11,000 financial institutions across 200 countries and territories use the interbank messaging system from the Brussels-based SWIFT cooperative to transfer funds internationally and domestically.
SWIFT, formally known as the Society for Worldwide Interbank Financial Telecommunication, declined to comment on the report or on whether attackers infected SWIFT’s client software or used some other attack vector.
“SWIFT does not comment on individual entities. When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment,” a SWIFT spokesman tells Information Security Media Group.
“We subsequently share relevant information on an anonymized basis with the community. This preserves confidentiality, whilst assisting other SWIFT users to take appropriate measures to protect themselves. We have no indication that our network and core messaging services have been compromised.”