AN FBI INVESTIGATION into a coordinated cyber attack on international banking firm JP Morgan Chase (JPMC) might have expanded to seven of the world's top banks.
The news follows reports on Thursday that the US Federal Bureau of Investigation (FBI) was looking into a potential cyber attack against JPMC and four other banks, but new information acquired by CNN, citing an unknown source, establishes that six more banks were attacked, with the hackers also altering and deleting customer records.
Security firm Proofpoint has since also posted screenshots claiming to prove that hackers launched phishing attacks aimed at getting access to JPMC.
"These exploits are attempting to install the recently discovered Dyre banking Trojan that attempts to steal banking credentials," said the firm. "The initial phishing email looks authentic and encourages users to click to view a secure message from JPMC."
According to USA Today on Thursday, a federal law enforcement official who was not authorised to comment publicly said that sophisticated attacks were coordinated against JPMC by Russian hackers.
Without confirming reports, a JPMC spokeswoman rather vaguely said, "Companies of our size unfortunately experience cyber attacks nearly every day. We have multiple layers of defence to counteract any threats and constantly monitor fraud levels."
The US law enforcement official didn't say whether the attacks are thought to be retaliation for recent US sanctions against the Russian government, but it appears that they have not led to any financial losses.
The FBI wasn't immediately available for comment, but FBI supervisory special agent Joshua Campbell told USA Today, "We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions."
Security firm Imperva CTO Amichai Shulman said that the fact there were no reports of initial financial losses suggests the attack could be politically motivated. "None of the people commenting on the incident mentioned a direct financial loss, or a direct fraudulent financial activity by the attacker," Shulman said.
"Everyone is talking about grabbing sensitive information. I find it odd that someone who was actually able to break into a bank is not using it for making immediate profit."
Shulman said that there are two possible explanations for the lack of reported financial losses. The first is that it's possible that we are not being told everything, and the second is that these were politically motivated hackers.
"Everyone is trying hard to tie this with the whole political situation with Russia. However, it is well known that for a few years now, a large portion of banking attacks and financially related hacking has consistently been coming from Eastern Europe," he added.