British banks are being targeted by a second group aiming to exploit perceived security shortcomings in the Swift global payments messaging system.
Security company Symantec warned that the new campaign has been running since January using malware dubbed Trojan.Odinaff which Symantec said has targeted financial organisations worldwide.
However, the attacks look more broad than the one that resulted in the theft of $81m from Bangladesh Bank in February, a sum that would have been much worse but for a crass typographical error and the diligence of a clerk at a correspondent bank.
Symantec has linked the Odinaff trojan with the Carbanak group, which is believed to be based in Russia and has attacked financial institutions since at least 2013.
"Odinaff is typically deployed in the first stage of an attack to gain a foothold onto the target network, providing a persistent presence and the ability to install additional tools," said Symantec in a blog post.
"These additional tools bear the hallmarks of a sophisticated attacker which has plagued the financial industry since at least 2013. This new wave of attacks has also used some infrastructure previously used in Carbanak campaigns."
Symantec explained that these attacks require a large amount of hands-on involvement and the deployment of a range of "lightweight" back doors and purpose built tools on computers of specific interest.
"There appears to be a heavy investment in the coordination, development, deployment and operation of these tools during the attacks," the firm said.
"Custom malware tools, purpose built for stealthy communications (Backdoor.Batel), network discovery, credential stealing and monitoring of employee activity, are deployed."
A quarter of the attacks that have been uncovered have been in the US, a fifth in Hong Kong, 12 per cent in the UK and four per cent in Ireland.
Ukraine has been the target of eight per cent of the attacks so far, an unusually high proportion given the size of the country's economy and banking sector, suggesting that the attackers are based in Ukraine or Russia.
The attacks are not exclusively aimed at the financial sector, but it accounts for 35 per cent of the attacks.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere