Posted on : August 23 , 2018
In continuation to our initial blog on the Cosmos Bank cyber fraud incident, Volon’s researchers utilized insights from its own Darknet Monitoring solution to create a timeline of SWIFT based attacks on Indian banks and highlight chatter of threat actors in the Darknet. Based upon the transaction reports of SWIFT transfer of $1.92 Million to a Hongkong based entity, Volon’s team conducted deep dive research on the entity “ALM Trading Limited” and identified some facts which could help in expanded investigation. On 13th August 2018, SWIFT transaction was made towards “ALM Trading Limited” (“阿里姆貿易有限公司”), a private limited company supposedly located at Tsuen Wan, Honk Kong, registered by XIAOXING, 33 years old Chinese national and resident of Zunyi, China. This company was established on 13th April 2018. The SWIFT transaction from Cosmos Bank was made 4 months after the formation of the company. “ALM Trading Limited” was established with the help of a Secretary organization “JL ACCOUNTING SECRETARY LIMITED” (“君林天下會計秘書有限公司”), which was established in July 2016. One interesting observation about “JL ACCOUNTING SECRETARY LIMITED” is that the company’s Director resigned on 20-March-2018 and the firm also did not renew its Website this year, which then expired on 22-July-2018. “JL ACCOUNTING SECRETARY LIMITED” provides various Accounting services including Offshore accounting and Bank account setup.