Dridex malware linked to Bangladesh heist

LONDON • Investigators have linked malware used by Russian and eastern European cybergangs to a string of bank heists that culminated in the record-breaking theft of US$81 million (S$109.4 million) from Bangladesh's central bank, people familiar with the probe said.

The tools used in some of the attacks on as many as 12 banks, mostly in South-east Asia, match those deployed by the so-called Dridex crime gangs, said the people, who asked not to be identified because the investigation is confidential.

The gangs operate in Russia and former parts of the Soviet Union, including Moldova and Kazakhstan.

Criminals exploited weaknesses in banks' cyber defences to try to steal almost US$1 billion from Bangladesh's central bank in February and US$12 million from an Ecuadorean lender in January last year.

An attack late last year on a Vietnamese bank was foiled. In all the incidents, the perpetrators got access to the codes the banks use to connect to the Swift global payments network and used them to request fund transfers that were directed elsewhere.

Dridex, a name used to identify both the malware and the group that uses it, is spread through e-mails that infiltrate computers and harvest information such as user names and passwords, which are then used to gain access to privileged networks.

First spotted in 2014, Dridex is one of the most serious online threats facing consumers and businesses, said security firm Symantec. The disciplined and highly organised gang behind the malware operates in many ways like an ordinary company, following a Monday-to-Friday work week and even taking time off for Christmas, Symantec said.


A version of this article appeared in the print edition of The Straits Times on June 18, 2016, with the headline 'Dridex malware linked to Bangladesh heist'.