Officials from the NIC Asia Bank, based in Kathmandu, the capital city of Nepal, have been scrambling in recent weeks to recover from a hack on its computer networks, which abused the Swift financial messaging system to help steal approximately $4.4m (£3.3m).
After multiple investigations, sources have confirmed that most of the stolen funds have now been recovered, with roughly $580,000 yet to be located by authorities.
NIC Asia Bank, one of the largest private sector commercial institutions in the region, brought in experts from the country’s central bank – Nepal Rastra Bank (NRB) – and a probe was conducted by KPMG India.
Local police were also enlisted to look into the hack.
Cybercriminals, officials believe, launched the transfer of money by tampering with the bank’s Swift terminal.
The culprits – who remain at large – were able to send funds to locations in the US, UK, Japan and Singapore while the bank was closed for Tihar, an annual festival.
Swift, or the Society for Worldwide Interbank Financial Telecommunication, is a global financial network used by more than 10,000 banks to send and receive cash transfers.
The core network was not compromised. During the incident in Nepal it was likely the bank’s own computer security that was at fault, a spokesperson told IBTimes UK.
Pushkar Karki, a police chief at the Central Investigation Bureau (CIB), confirmed to local media that the payment order was placed by hacking the bank’s own systems.
“CIB has started investigating how the server was hacked,” he elaborated, adding: “Our investigation will reveal whether or not the bank had adopted proper safeguards.”
According to the Himalayan Times, six staff members who were responsible for handling the Swift terminal have been moved to other departments as the probe continues.
Swift said it does not comment on individual cases. A statement read: “When a case of potential fraud is reported to us, we offer our assistance to the affected user to help secure its environment.
The hackers abused the SWIFT network to steal cash Markus Spiske/Unsplash
“We subsequently share relevant information on an anonymised basis with the community.
“This preserves confidentiality, whilst assisting other Swift users to take appropriate measures to protect themselves.
The spokesperson added: “We have no indication that our network and core messaging services have been compromised.”
The Nepal central bank reportedly first issued a warning to its staff in late October.
“We have already requested the central banks in those countries to stop processing payments to the parties requested by the hackers,” NRB spokesperson Rajendra Pandit said at the time. “Even payments which have already been made are likely to be retrieved.”
This is not the first time Swift has been exploited by hackers to steal large chunks of cash.
In February 2016, hackers stole $81m from the Bangladesh central bank by using malware to infiltrate its network. Analysis by cybersecurity firms later revealed that loose attribution had linked the incident to North Korea, via a hacking faction known as “The Lazarus Group”.
Research suggests that the rogue nation increasingly uses cybercrime and computer hacking as a source of revenue, targeting casinos, banks and cash machines across the world.