APT38 SWIFT Banking System Attacks
North Korean APT38 (BlueNoroff) campaign targeting banks' SWIFT systems worldwide. Responsible for the $81M Bangladesh Bank heist (2016), the Far Eastern International Bank attack (2017), and multiple other central bank intrusions across Asia, Africa and Latin America.
Start date: 1 January 2015
End date: —
Techniques: 23
Attributed actors:
Techniques (23)

collection (2)
T1005 Data from Local System
T1560.001 Archive via Utility

command-and-control (3)
T1573.001 Symmetric Cryptography
T1105 Ingress Tool Transfer
T1071.001 Web Protocols

credential-access (1)
T1003.001 LSASS Memory

defense-impairment (1)
T1070.001 Clear Windows Event Logs

discovery (2)
T1082 System Information Discovery
T1083 File and Directory Discovery

execution (3)
T1059.003 Windows Command Shell
T1059.001 PowerShell
T1053.005 Scheduled Task

exfiltration (1)
T1041 Exfiltration Over C2 Channel

impact (1)
T1485 Data Destruction

initial-access (2)
T1078 Valid Accounts
T1566.001 Spearphishing Attachment

lateral-movement (2)
T1021.001 Remote Desktop Protocol
T1021.002 SMB/Windows Admin Shares

persistence (4)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1543.003 Windows Service
T1053.005 Scheduled Task

privilege-escalation (5)
T1078 Valid Accounts
T1547.001 Registry Run Keys / Startup Folder
T1055 Process Injection
T1543.003 Windows Service
T1053.005 Scheduled Task

stealth (4)
T1078 Valid Accounts
T1140 Deobfuscate/Decode Files or Information
T1055 Process Injection
T1027 Obfuscated Files or Information
Indicators of compromise
No IOCs linked to this campaign yet.