From the CHN Blog.
A cyberattack against Banco De Chile (BDC)—that country’s largest financial institution—bricked a hair-raising 9,000 workstations and 500 servers. However, killing these machines was actually just to a cover trying to hide illegal transactions on the SWIFT network where banks transfer funds internationally. After the dust settled, $10 million was funneled off to accounts in Hong Kong.
On Sunday, BDC’s general manager Eduardo Ebensperger told Chilean media outlet Pulso that the late-May attack allowed the attackers to complete four separate fraudulent transactions before the cyberheist was discovered. The massive downtime caused by this wiper-attack will be an order of magnitude more expensive than the 10 mil that was stolen, the bank had to halt almost all operations at its 400 branches throughout the country. It took almost two weeks for the bank to resume normal services.
The bad guys used extremely destructive wiper malware similar to NotPetya trying to cover their tracks. Its main functionality is to wipe the disk —hence destroying forensics data. Trend Micro analysts discovered that the code is a modified strain of the Buhtrap malware component known as Kill_OS, which bricks the box by overwriting the Master Boot Record (MBR). Here is how that looks close-up.