Financial Firms Hacked by Government? Microsoft Describes How

(Bloomberg) -- It’s a short -- but startling -- passage tucked inside Microsoft Corp.’s periodic cybersecurity report: State-sponsored hackers attacked several financial services firms and stole “large sums of cash.”

The account provides another reminder that hackers are successfully preying on parts of an industry where customer confidence is paramount, and that’s sometimes reluctant to disclose serious attacks. Yet even as the report lays out what happened, it omits sensitive details, such as which government backed the assault or which firms were targeted.

Microsoft said it knows about the case because its experts helped victims in the aftermath. In a series of similar incidents, hackers gained administrative access to computer systems by infecting a machine with a “highly targeted, obfuscated backdoor implant,” possibly with a spear-phishing email. Then they sent cash to foreign accounts. In some instances, the hackers went undetected for more than 100 days, and once found, unleashed malware on the victims’ systems, halting operations.

FireEye Inc., another cybersecurity firm, described a similar series of attacks in a report published about five months ago. A Microsoft spokesman declined to comment on whether the incidents are related.

In that report, FireEye said a North Korean hacking group had infiltrated more than 16 firms in 11 countries including the U.S., stealing more than $100 million. The group’s victims included a Chilean bank that lost $10 million last May. North Korean diplomats and official media have denied that the country plays any role in cyberattacks.