Latest Threat Research: LetMeowIn – Analysis of a Credential Dumper

Get Informed


Cayman National Bank Limited Admits to Being Breached

Phineas Fisher: As was reported yesterday, the highly capable hacker Phineas Fisher has posted a new manifesto as well as a challenge to others to hack major companies.  In the Manifesto, Phineas Fisher calls out their attack on “Cayman Bank and Trust Company (Isle of Man)”, it has now been confirmed that it was the Cayman National Bank, from the Isle of Man, Limited that was the victim of that attack.  A spokesman for the bank stated on Monday that “it is known that the Cayman National Bank (Isle of Man) Limited was amongst a number of banks targeted and subject to the same hacking activity.”  Cayman National is working with law enforcement and has stated that they have identified the stolen data, but that they have seen no indications that any money was stolen from either the bank or their customers.

Analyst Notes

Parts of the wording in Phineas Fisher’s manifesto are vague and could be a bit misleading. They say that they “robbed a bank to give the money away” but do not specifically say that the funds were taken from the Cayman National Bank, or that they robbed it specifically of the money it contained. It is possible that either the funds were stolen from a different bank that was targeted in their campaign or that they sold some of the information that was stolen during the breach of Cayman National Bank instead of leaking all of it on Distributed Denial of Secrets. Although Phineas Fisher only admits to the one attack, the statement from Cayman National indicates that other financial institutions were targeted as well. This information was likely obtained through coordination with other financial institutions who noted similar activity on their own networks, or through work with law enforcement who had received complaints from other financial institutions. The offer of a $100,000 payday is one that would be difficult for many to pass up at least attempting to get, making it likely that the organizations which Phineas Fisher expressed interest in will see an increase in attempts to compromise their networks. Information about Cayman National’s confirmation of the attack was shared through Vice and more information can be found here: