Security researchers at British defense contractor BAE Systems said that the attackers who stole $81 million from the Bangladesh central bank probably hacked into software from the SWIFT financial platform that is at the heart of the global financial system.
SWIFT, a cooperative owned by 3,000 financial institutions, said it was aware of malware targeting its client software. SWIFT released a software update to thwart the malware, along with a special warning for financial institutions to scrutinize their security procedures, said Natasha Deteran, a spokeswoman for the organization.
The developments that have come to light after the unprecedented cyber-heist suggest that a lynchpin of the global financial system could be more vulnerable than previously understood, because of weaknesses that enabled attackers to modify a SWIFT software program installed on bank servers.
The new evidence suggests that hackers manipulated the Alliance Access server software, which banks use to interface with SWIFT’s messaging platform, in a bid to cover up fraudulent transfers that had been previously ordered.
The findings from BAE and SWIFT do not explain how the fraudulent orders were created and pushed through the system. That remains a key mystery in ongoing probes into the heist.
Reuters quoted Deteran as saying that SWIFT was issuing the software update “to assist customers in enhancing their security and to spot inconsistencies in their local database records.”
She said “the malware has no impact on SWIFT’s network or core messaging services.”
The software update and warning from Brussels-based SWIFT, or the Society for Worldwide Interbank Financial Telecommunication, come after researchers at BAE, which has a large cyber-security business, told Reuters they believe they discovered malware that the Bangladesh Bank attackers used to manipulate SWIFT client software known as Alliance Access.
On Monday, BAE published information about the malware that it said thieves used to cover their tracks and delay discovery of the heist.
In February, cyber criminals attempted fraudulent transfers totaling $951 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York.
Even as most of the payments were blocked, $81 million was routed to accounts in the Philippines and diverted to casinos there. Most of the stolen funds remain missing.
Investigators probing the heist had previously said that the still-unidentified hackers had broken into Bangladesh Bank computers and taken control of credentials that were used to log into the SWIFT system. However, the BAE research shows that the SWIFT software on the bank computers was probably compromised in order to erase records of illicit transfers.
The SWIFT messaging platform is used by 11,000 banks and other institutions around the world, though only some use the Alliance Access software, Deteran said.
As it learns more about the attack in Bangladesh and other potential threats, SWIFT may release additional updates, Deteran said. It is also reiterating a warning to banks that they should review internal security.
“Whilst we keep all our interface products under continual review and recommend that other vendors do the same, the key defense against such attack scenarios is that users implement appropriate security measures in their local environments to safeguard their systems,” Deteran said.
Adrian Nish, BAE’s head of threat intelligence, said he had never seen such an elaborate scheme from criminal hackers.
“I can’t think of a case where we have seen a criminal go to the level of effort to customize it for the environment they were operating in. I guess it was the realization that the potential payoff made that effort worthwhile,” he said.
(Adapted from Reuters)









