South African banks have said they did not fall prey to North Korean hackers, and the Payments Association of South Africa and the South African Banking Risk Information Centre have stated that no security breaches in local SWIFT systems have been reported.
This follows reports last week that South Africa was one of 17 countries hit by North Korean attackers to raise money for its weapons of mass destruction programmes.
Articles from Reuters and the Associated Press cited an unpublished report prepared for the UN Security Council, which stated that North Korea perpetrated at least 35 attacks and raised up to $2 billion.
One attack reportedly targeted thirteen countries: Costa Rica, Gambia, Guatemala, Kuwait, Liberia, Malaysia, Malta, Nigeria, Poland, Slovenia, South Africa, Tunisia, and Vietnam.
South Korea, India, Bangladesh, and Chile each suffered multiple attacks by North Korea.
Although no details of the attack on South Africa were provided, the report stated that there were three major ways in which North Korea was raising money:
- Attacks on the SWIFT system, which is typically used for cross-border money transfers between banks.
- Attacks on cryptocurrency exchanges and individual holders, where tokens were stolen.
- Mining of cryptocurrency.
Attacks on SWIFT
Last year, ZDNet reported that the US Department of Justice charged a North Korean programmer, Park Jin Hyok, with several big online attacks. These included:
- WannaCry — an outbreak of ransomware in 2017 using the EternalBlue vulnerability in Windows.
- Breaches at US movie theatres (AMC, Mammoth Screen) and Sony Pictures Entertainment in 2014.
- Attempted breach of Lockheed Martin in 2016.
- Several hacks on South Korean businesses and organisations.
- Hacks of many banks between 2015 and 2018, including the Bangladesh Central Bank and an undisclosed African bank.
Details of Park’s alleged attack on an African bank is available in the 179-page FBI indictment, published on the DOJ website.
In brief: the attack involved an intrusion into the bank’s SWIFT infrastructure, which allegedly allowed Park to create fraudulent payments to the tune of $100-million.
Note that the attack was on an unnamed bank from the continent of Africa, not necessarily the bank called “African Bank”.
The most recent reports list Gambia, Liberia, Nigeria, South Africa, and Tunisia as potential targets of this attack.
Since the FBI did not disclose whether the African bank whose SWIFT systems were hacked was South African, we asked local banking and payments institutions whether they had been attacked.
South African banks respond
Nedbank said that it is not aware of SWIFT-related systems being compromised.
Investec’s fraud prevention team said that they are not aware of any South African banks experiencing a successful direct attack on their SWIFT infrastructure similar to the Bangladesh SWIFT attack two years ago.
“It’s possible they’ve tried and been unsuccessful,” the fraud prevention team at Investec said.
Tymebank did not answer the question directly, but said that it does not build its cyber capability based on a single country. “[We] follow best practice principles based on global threat intelligence and cyber feed analysis,” it said.
Capitec partners with other local banks for SWIFT transfers, and was therefore not asked for comment.
FNB and Standard Bank did not respond to requests for comment.
Absa said that it was not in a position to comment, but directed queries to the Payments Association of South Africa (PASA).
PASA said that it has not received any reports of South African SWIFT systems being compromised, but recommended that we ask the South African Banking Risk Information Centre (SABRIC) for more accurate insight.
SABRIC assured MyBroadband that the allegations that North Korea hacked into SWIFT systems at banks are taken seriously by the banking industry
“The threat posed by nation-state attacks has been recognised globally for many years and is a scenario that banks plan for in their risk mitigation strategies,” SABRIC told MyBroadband.
“Whilst SABRIC is aware of the recent media reports alleging that a SWIFT related system within a South African bank was compromised, neither SABRIC nor any of our member banks have knowledge of such an incident.”
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) did not respond to a request for comment.