Highly sophisticated operation relied on custom crafted malware to penetrate the bank's strong defenses

Sep 1, 2014 14:35 GMT

The attackers who breached JPMorgan Chase had been siphoning data from the financial institution's systems since June, using programs crafted specifically for the organization's network.

The hackers first gained access to JPMorgan’s systems by exploiting a zero-day vulnerability in the company’s website, Bloomberg reports.

This offered insight into the system architecture, allowing them to create custom malicious tools that permitted further access to customer banking transactions.

Over a period of two months, the hackers were able to use their special tools to move around the network and exfiltrate information to different servers around the world.

The company discovered the highly sophisticated attack in mid-August, when a routine scan triggered an alarm.

Because of the complexity of both the malware used and the tactics employed for the breach, suggestions have been made that behind the incident were not average cybercriminals, but an organized group ready to challenge even the most secure defenses.

What is clear at the moment, however, is that the attackers had already extracted the information before the data leaving JPMorgan Chase systems triggered any alarms.

In order to hide their identity, the hackers routed the traffic to several countries, but according to investigators talking to Bloomberg, most of the data reached a large city in Russia.

The sophistication of the attack became apparent to the investigators when they found malware that had been specifically crafted to compromise particular areas of the institution’s systems, and that could collect more than just customer banking credentials.

Some security experts voiced their opinion that the attack may have been orchestrated by a foreign government, given the complexity of the operation; now, all clues point to Russia.

Bloomberg said that, because of the conflict in Ukraine and the bank’s role in enforcing sanctions against Russian assets, officials fear this was a case of state retaliation against the bank.

However, there have been cases where malware used by governments fell into the hands of cybercriminals, who either used it themselves or sold it on underground forums.

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades’ worth of espionage and social engineering tactics,” said Adam Kujawa, head of malware intelligence at Malwarebytes.