€13 million Maltese bank cyber-heist – six men arrested in UK

Graham Cluley
@gcluley


The UK’s National Crime Agency (NCA) have arrested a total of six men as part of an investigation into the hack of a Maltese bank in February 2019.

The Maltese Bank of Valletta (BOV) shut down all of its operations in February 2019 – closing all its branches, and disabling its cash machines, website, email, and mobile banking services – after hackers attempted to access 13 million Euros.

An NCA press release describes how malware was used to access the bank’s systems and illegally move funds into accounts held in other countries. One of those accounts, according to the NCA, was located in Belfast and received £800,000:

“In the following hours a number of card payments and cash withdrawals totalling £340,000 were made from the account before a block could be put on them.”

“They included payments to high end stores such as Harrods and Selfridges in London, around £110,000 spent on Rolex watches at a store in London, and payments for a Jaguar and Audi A5 from a car dealership.”

Maltese authorities informed the NCA, who began an almost year-long investigation which culminated in the following:

    22 January: Two males, aged 22 and 17, arrested in raids in West Hampstead and Ladbroke Grove areas of London. An additional male was interviewed under caution.

    30 January: Search warrants executed in the north and west Belfast areas, with one 39-year-old man arrested on suspicion of money laundering offences, fraud and theft.

    30 January: A 33-year-old man arrested at Heathrow airport as he returned to the UK from China, on suspicion of money laundering offences, fraud and theft. He has been questioned and bailed pending further enquiries.

    31 January: Two men, aged 23 and 24, were arrested on suspicion of money laundering offences, fraud and theft, after handing themselves in to a police station in Belfast.

The NCA released footage of some of the arrests on Twitter.

Notably, at this stage at least, none of the arrests appear to be related to the actual hack itself and the usage of the malware which infected BOV’s systems. That in itself may not be surprising as it is common today for cybercriminal gangs to be split into different groups – the people writing the actual malware, for instance, may be different from those laundering the money.

The NCA says its investigation continues.


Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.
