Zero-day vulnerability leveraged, also used in attacks on banks in Europe
A computer intrusion perpetrated on the systems of JP Morgan Chase financial organization lost the company gigabytes of sensitive data.According to sources close to the investigation, the incident seems to have a foreign government behind it, since the complexity of breaching the systems is far from being common to financial cybercriminals.
However, it appears that the zero-day vulnerability leveraged to gain unauthorized access to the information in the case of JP Morgan Chase has been used to infiltrate the systems of financial organizations in Europe.
The threat actor behind the incident is suspected to be from Russia, as its relationship with the US has deteriorated on account of the West imposing sanctions on the Eastern country because of the involvement in the conflict in Ukraine.
However, linking these attacks to government because of the complexity of the task is purely speculative on this point in the investigation, and the perps may very well be cybercriminals with purely financial-driven purposes.
“Companies of our size unfortunately experience cyber attacks nearly every day,” Patricia Wexler, a JPMorgan spokeswoman, told Bloomberg. “We have multiple, layers of defense to counteract any threats and constantly monitor fraud levels,” she added.
What appears to be more certain is that the intruders are from the Eastern part of the world, Russia or a country in Eastern Europe.
Sources close to the investigation of the stream of attacks aiming at the US banks say that, in at least one incident, among the data exfiltrated there is information on bank employees and executives.
In the case of JP Morgan Chase, the perpetrators managed to grab checking and savings account details from the customers.
The mixed type of data affected by the breaches creates confusion as to the purpose of the threat actors, indicating both a cyber-espionage campaign and a financially-motivated strike.
A political motivation of the attack has been discounted because this would generally seek disruption of the services, whereas in this case the operation had a stealthy character, common to intelligence gathering.
The incidents have been carried out in mid-August, and specialized forensics companies have been brought in to analyze the systems in search of more clues on the attackers and their motivation. The FBI is also involved in the investigation, working with the US Secret Service.
JP Morgan Chase has not seen any signs of fraud based on the information extracted by the hackers from their computer systems.