The criminals, posing as Bangladeshi central bank officials, sent dozens of secure messages to the New York Fed, which transferred funds belonging to Bangladesh from the Fed to bank accounts in the Philippines and Sri Lanka.
According to an interim report from FireEye The hackers introduced malicious code, known as malware into the Bangladesh banks server, which allowed them to process and authorize the transactions.
In addition to the malware, the cybercriminals deployed hacking tools, including keylogger software that monitors strokes on a keyboard, to steal Bangladesh Banks credentials for the Swift system, a closed network used by financial institutions to authorize financial transactions through secure messages.
Cybercriminals had monitored the banks routine activity through the malware allowing them to compose money transfer messages that looked genuine but were intended for accomplices in the Philippines and Sri Lanka.
FireEye investigators have warned Bangladeshi officials that dozens of computers at the central bank may have been breached by hackers leading up to the attack.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now