Bank of Valletta has recovered more than €3 million of the €13 million stolen by hackers last month, the bulk of the rest being frozen in foreign jurisdictions, financial services industry sources said.

The sources said that between €3 million and €4 million are in the process of being returned to the bank. A large chunk of the remaining stolen money has been traced in a number of jurisdictions, including the UK, the US, Hong Kong and the Czech Republic.

While the sources were confident the money would be returned to the bank “eventually”, they acknowledged that some of the stolen funds might never be recovered.

“You have to appreciate that legal proceedings have started in some jurisdictions and the funds frozen there will not be released until these have been concluded,” the sources pointed out.

The bank said €13 million were stolen during a cyberattack on February 13, which led the BOV to temporarily take its services offline.

The hackers were dubbed EmpireMonkey by the investigators due to the use of a hacking tool known as PowerShell Empire, which allowed the group of hackers to move about in the bank’s systems after having gained access.

Sources close to the investigators told Times of Malta one potential suspect was the international hacking organisation known as Cobalt Gang, which wreaked havoc on the international banking sector.

It is believed to have stolen as much as €1 billion from banks in as many as 40 countries in recent years.

The sources said the group had been known to infiltrate international banks’ ATMs, card-processing systems and the international interbank payment messaging network SWIFT before executing attacks.

A review of last month’s breach has indicated that the hackers could have been attempting to infiltrate the bank as far back as October 2018.

READ: BOV hackers ‘planned back door opportunity’

Similar ‘phishing’, a method used to break into a computer system via electronic communication, had first been detected locally about four months previously. This had the same digital fingerprint as the hacking group believed to have carried out the heist, the sources noted.

The hacking group is also believed to have targeted another Maltese bank, however, their attempts to infiltrate it appear to have been unsuccessful.

One security expert said banks are regularly subjected to such threats and attempts to breach their systems are commonplace.

The Times of Malta reported last month that the hackers were believed to have broken into the Autorité des Marchés Financiers, which regulates the French stock exchange, last year.

READ: How BOV hackers got away with €13 million

They then sent e-mails to Maltese and French entities posing as the regulator and using an innocent-looking e-mail that included the official letterhead and a decoy document that allowed the hackers access to the bank’s systems once activated.

The BOV computers where the malicious e-mails were accessed and viewed, inadvertently giving the hackers the keys to the ‘vault’, were identified.

It is not clear yet how long the hackers had access to the bank’s systems before the cyberattack was carried out.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.