{
	"id": "7afd18ea-4cfe-4cda-b77d-7de630a30c24",
	"created_at": "2026-04-06T00:13:41.941569Z",
	"updated_at": "2026-04-10T03:21:03.595686Z",
	"deleted_at": null,
	"sha1_hash": "e237c04078b52f6fd82ceabaf0e214c132221fb4",
	"title": "6 Suspects Arrested in Maltese Bank Hacking Heist",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 360593,
	"plain_text": "6 Suspects Arrested in Maltese Bank Hacking Heist\r\nBy Mathew J. Schwartz\r\nArchived: 2026-04-05 18:55:56 UTC\r\nAnti-Money Laundering (AML) , Cybercrime , Fraud Management \u0026 Cybercrime\r\nMalware-Wielding Gang Moved $14 Million to US, UK, Hong Kong and Czech Accounts (euroinfosec) • January\r\n31, 2020    \r\nNational Crime Agency officers serve a warrant last week in London. (Photo: NCA)\r\nPolice in the United Kingdom have arrested six suspects as part of a months-long money laundering investigation\r\ntied to the theft of €13 million ($14.4 million) from a Maltese bank.\r\nSee Also: OnDemand | Transform API Security with Unmatched Discovery and Defense\r\nOn Feb. 13, 2019, malware-wielding hackers hit Bank of Valetta, Malta's oldest financial institution and also one\r\nof the largest. The hackers initiated transactions, moving money to bank accounts in the U.S., U.K., Czech\r\nRepublic and Hong Kong, according to local media reports. About 30 minutes after it detected the fraudulent\r\ntransactions, the bank suspended operations, began trying to reverse the fraudulent transfers and worked with\r\ninternational law enforcement partners.\r\nAs part of the investigations into the bank heist, which has been tied to an organized crime gang, Britain's\r\nNational Crime Agency says it arrested two men, ages 22 and 17, last week in London.\r\nhttps://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674\r\nPage 1 of 4\n\nOn Thursday, working with the Police Service of Northern Ireland, NCA agents arrested another man, age 39, in\r\nBelfast.\r\nOn Thursday night, the NCA detained a 33-year-old man at Heathrow Airport after he returned to the U.K. from\r\nChina. He's been questioned and released on bail.\r\nOn Friday morning, two men - ages 23 and 24 - turned themselves in at a police station in Belfast, where they\r\nwere arrested and remain in custody.\r\nAll of the six suspects have been charged with violating money laundering, fraud and theft statutes.\r\nNCA officers arrest a 39-year-old suspect in Belfast on Thursday\r\nOfficers say that of the €13 million stolen on Feb. 13, 2019, about $1.1 million was transferred to a bank account\r\nin Belfast.\r\n\"In the following hours, a number of card payments and cash withdrawals totaling £340,000 ($447,000) were\r\nmade from the account before a block could be put on them,\" the NCA says in a statement. \"They included\r\npayments to high-end stores such as Harrods and Selfridges in London, around £110,000 ($145,000) spent on\r\nRolex watches at a store in London, and payments for a Jaguar and Audi A5 from a car dealership.\"\r\nThe NCA says it's \"still seeking a number of other suspects\" as its investigation continues.\r\n“Our 12-month investigation, carried out with the help of the Malta Police Force Economic Crime Unit, has\r\nfocused on a number of individuals we suspect may have been involved in laundering money on behalf of the\r\norganized crime group who carried out the cyberattack,\" says David Cunningham, the NCA's branch commander\r\nfor Belfast.\r\nhttps://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674\r\nPage 2 of 4\n\n“Working with our law enforcement partners at home and overseas we are determined to do all we can to target\r\nand disrupt those involved in organized crime, here in Northern Ireland and across the rest of the U.K.”\r\nIt's unclear what strain of malware was allegedly used in the February 2019 heist, how much of the stolen €13\r\nmillion has been recovered, and whether the transfers were made via fraudulent SWIFT interbank transactions\r\n(see: Malaysia's Central Bank Blocks Attempted SWIFT Fraud).\r\nPolice in Malta referred all inquires to U.K. police. But the NCA didn't immediately respond to a request for\r\ncomment.\r\nBank Suspended Operations After Attack\r\nBank of Valetta's quick response to the online thefts likely helped forestall even greater losses.\r\nThe bank announced on Feb. 13, 2019, the day that the attack occurred, that it had quickly suspended operations\r\nafter it detected suspicious activity.\r\nPhoto: Bank of Valetta\r\nThe attacks were detected at the start of business on a Wednesday morning, and all bank functions - \"branches,\r\nATMs, mobile banking and even email services\" - were suspended just 30 minutes later, Times of Malta reported.\r\nThe bank quickly issued an alert and apology to customers. \"The bank would like to assure its clients that\r\ncustomer accounts and their funds are in no way impacted or compromised and that the bank is working\r\nrelentlessly to resolve the issue and have its operations running at the earliest possible time,\" it said in a Feb. 13\r\nstatement.\r\nThe government of Malta is one of the bank's clients, and officials at the time told the Maltese that their social\r\nsecurity payments, due to be processed the next day, would be safe.\r\nhttps://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674\r\nPage 3 of 4\n\n\"It is no joke having a bank that controls half the economy shut down for a whole business day, but at this stage\r\ncaution trumped every other consideration,\" said Joseph Muscat at the time, when he was serving as the country's\r\nprime minister.\r\nOn Feb. 14, 2019, the Bank of Valetta announced that almost all services had been restored, after \"rigorous\r\novernight testing of the bank’s IT systems\" had been successful.\r\n\"The bank once again wants to reassure its clients that customer deposits and customer accounts were in no way\r\naffected by this cyberattack,\" it said. \"This unfortunate incident proved that the contingency plans in place and the\r\npreventive measures taken by Bank of Valletta were appropriate and that these measures safeguarded the bank, its\r\ncustomers and stakeholders.\"\r\nSource: https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674\r\nhttps://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674\r\nPage 4 of 4",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674"
	],
	"report_names": [
		"6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674"
	],
	"threat_actors": [],
	"ts_created_at": 1775434421,
	"ts_updated_at": 1775791263,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/e237c04078b52f6fd82ceabaf0e214c132221fb4.pdf",
		"text": "https://archive.orkl.eu/e237c04078b52f6fd82ceabaf0e214c132221fb4.txt",
		"img": "https://archive.orkl.eu/e237c04078b52f6fd82ceabaf0e214c132221fb4.jpg"
	}
}