Slovenian bank was recipient named in failed Vietnam cyber-heist

By Reuters/Martin Petty and Mai Nguyen   May 17, 2016 | 09:19 am PT
Slovenian bank was recipient named in failed Vietnam cyber-heist
A man rides a motorcycle past the Vietnamese commercial Tien Phong bank in Hanoi May 13, 2016. REUTERS/Kham
Cyber-criminals unsuccessfully tried to send money from a Vietnamese bank to a Slovenian one in December, but there have been no other cases of attempted fraudulent transfers identified in Vietnam, a top central bank official there said on Tuesday.

Le Manh Hung, head of the State Bank of Vietnam’s (SBV) Information Technology Department, told Reuters the Dec. 8 transfer – for 1.2 million euros ($1.36 million) via the SWIFT network – was the only attempt to steal funds detected by Tien Phong Bank (TPBank).

Other Vietnamese banks and the SBV have not been hit, and the name of the Slovenian bank was not known, he said. It was also not clear how many accounts were listed as recipients.

The Slovenian central bank said it had no information on the matter and was not informed about it by official bodies. The Slovenian police had no immediate comment.

Unlisted TPBank revealed the interrupted cyber heist in response to Reuters inquiries on Sunday. It involved the use of bogus SWIFT messages, the technique at the heart of a massive theft in February from the Bangladesh central bank.

SWIFT, a linchpin of the global financial system, is used by about 11,000 banks and financial institutions for transactions. The two attacks on banks will likely increase scrutiny on the security of its network.

Interpol was immediately informed of the attack via its representative in Vietnam, Hung said.

There was no financial loss and TPBank found the bogus transfer through its own reconciliation system, he said.

TPBank has not said which bank the funds were headed to and Hung said he did not know the identity of the Slovenian partner.

Hung said TPBank was hit because a third-party vendor it had used to connect to the SWIFT money transfer system was likely infected with malware. The vendor’s Internet servers were based in Singapore, he said, adding he did not know the identity of the vendor provider.

Other methods

SWIFT has declined comment on TPBank’s claims. On Thursday, it had said a unnamed commercial bank was targeted by a malware attack similar to the one at Bangladesh Bank.

But SWIFT said in mid-May the malware it had found was used to remove traces of fraudulent transactions, not to conduct the transaction, adding the attackers had used other methods it did not identify to send the fraudulent transfer requests. (

Hung said it was the vendor that had been compromised, rather than TPBank’s own systems. TPBank has declined Reuters requests for further comment.

TPBank, founded in 2008 by Vietnam’s top technology firm FPT Corp, is considered one of the communist country’s most modern and tech-savvy banks and it this month received the “Best Internet Banking” prize from The Asian Banker.

In February, in one of the world’s biggest ever cyber-heists, hackers tried to steal nearly $1 billion from Bangladesh Bank’s account at the New York Federal Reserve. Most orders were blocked but $81 million was transferred to accounts in the Philippines and most of the money remains missing.

go to top