* Another bank attacked by malware - SWIFT
* Bangladesh Bank hack and Sony attack linked - security firm
* Investigators say cyber thieves still inside Bangladesh Bank
By Jim Finkle and Sanjeev Miglani
NEW YORK/DHAKA, May 13 (Reuters) - Investigators probing the cyber heist of $81 million from the Bangladesh central bank connected it on Friday to the hack at Sony Corp's film studio in 2014, while global financial network SWIFT disclosed a previously unreported attack on a commercial bank.
SWIFT did not say which commercial bank it was or whether it had lost money, but cyber-security firm BAE Systems said a Vietnamese bank, which it did not name, had been a target. It was not clear if they were referring to the same attack and there was no immediate comment from authorities in Hanoi.
SWIFT, the linchpin of the global financial system, said forensic experts believed the second case showed that the Bangladesh heist was not a single occurrence, but part of a wider campaign targeting banks.
In both cases, SWIFT said, insiders or cyber attackers had succeeded in penetrating the targeted banks' systems, obtaining user credentials and submitting fraudulent SWIFT messages that correspond with transfers of money.
The cooperative has maintained that its core messaging service has not been compromised. But confirmation of a second attack on a bank will likely increase scrutiny on the security of a network used by 11,000 financial institutions globally.
In Bangladesh, cyber-security experts hired by the central bank said in a report that hackers were still inside the bank's network, monitoring the investigation into one of the biggest cyber heists in the world. Reuters reviewed parts of the report, but the source who shared the document declined to provide access to its full contents, saying the release of some details could hamper a multinational effort to catch the criminals.
Asked about the report, a Bangladesh Bank spokesman said: "We have engaged forensic experts to investigate the whole thing, including this." He did not elaborate.
Investigators have determined that one team of hackers, dubbed Group Zero in the report, was responsible for the heist and remained inside the network. Group Zero may be seeking to monitor the ongoing cyber investigations or cause other damage, but is unlikely to be able to order fraudulent fund transfers, the investigators wrote.
"NATION-STATE ACTOR"
Two other groups are also inside the bank's network, which is linked to the SWIFT international transaction system, the report found. One of the two is a "nation-state actor" engaged in stealing information in attacks that are stealthy but "not known to be destructive", it said.
A spokeswoman for SWIFT said she was unable to comment.
The report said investigators knew little about a third group of hackers found inside the network, referred to as Group Two, except that they were using mostly commodity, or off-the-shelf, hacking tools.
The report, which was submitted earlier this month, did not further identify any of the groups.
BAE Systems, Europe's largest weapons maker, which also has a large cyber-security business, said it had uncovered evidence linking malicious software used in the Bangladesh heist to the high-profile attack on Sony's Hollywood studio in 2014 and other cases.
"What initially looked to be an isolated incident at one Asian bank turned out to be part of a wider campaign," BAE's cyber-security team said in a report it released on Friday.
BAE also said it uncovered malware that was recently used to target a Vietnamese commercial bank using fraudulent messages on the SWIFT money-transfer network. The malware operated "in a similar fashion" to the Bangladesh Bank hack, BAE said.
SWIFT also did not name the victim, and neither firm said whether any funds had been stolen.
Reuters was not able to independently confirm the findings of BAE's determination about similarities between the Bangladesh and Sony attacks. The U.S. government has blamed North Korea for the attack on Sony's film studio, a charge Pyongyang has rejected.
BAE's head of threat intelligence, Adrian Nish, told Reuters that the company was only focused on the technical evidence that links the attacks, not determining who was behind them.
The report said the malware used against Bangladesh Bank exhibits "the same unique characteristics" as software used in "Operation Blockbuster", a campaign documented by a coalition of security firms that dates back to at least 2009 and includes the Sony hack.
BAE asserted the Operation Blockbuster connection after analyzing tens of millions of malicious file samples, but the report acknowledged there could be alternate explanations for the similarities.
It is possible that multiple programmers shared the same code, or even that it was painstakingly recreated to confuse investigators, according to BAE. (Additional reporting by Serajul Quadir in Dhaka, Nathan Layne in Chicago and Joseph Menn in San Francisco; editing by David Greising and Raju Gopalakrishnan)