A hackers group, calling themselves Shadow Brokers, recently revealed documents publicly, which indicates that the US National Security Agency (NSA) had used the vulnerabilities in software in order to get access to the global money transferring system that is used by the banks.
Upon reviewing the data released by the group it has been seen that NSA had accessed the SWIFT money transfer system through service providers in the Middle East and Latin America.
Matt Suiche, the founder of cybersecurity firm Comae Technologies, wrote in a blog following the revelation that some SWIFT affiliates were at that time in 2013 were using Windows servers, which were vulnerable to the Microsoft exploits mentioned by the groups. The NSA did take advantage of that and got access to the system using these vulnerabilities, confirmed Suiche in that blog post.
"As soon as they bypass the firewalls, they target the machines using Microsoft exploits," Suiche told Reuters. "We now have all of the tools the NSA used to compromise SWIFT (via) Cisco firewalls, Windows," he added.
Microsoft acknowledged the problem and said that the vulnerabilities have already been taken care of and patched.
Although, SWIFT has downplayed the breach saying it's not very significant and it had had no evidence of the main SWIFT network being ever accessed without authorization. Also, they have said in the statement that some of the SWIFT client banks might have been breached but they didn't mention NSA specifically.