Investigators looking into the Bangladesh heist have not concluded who conducted the theft, but do believe the group was "highly sophisticated and well-funded," according to the source familiar with the investigation. They have also concluded that one of the groups that penetrated the bank's system — but not the one that conducted the theft — used techniques similar to the devastating 2014 cyberattack on Sony.
U.S. officials concluded at the time that the Sony attack was sponsored by North Korea. But investigators have not concluded that the North Koreans were necessarily inside the Bangladesh computers. It is at least possible, they believe, that the group they have identified is a freelance hacking entity that worked for North Korea in the past and is working for entities unknown — or simply for itself — now.
Investigators say they do not have any information on the third entity found inside the Bangladesh computers, except to conclude that the penetration did not appear to be an effort to steal money, perhaps only to gather information.
The New York Fed has said it has found no evidence that its own systems were compromised by the hackers.
Investigators currently hypothesize that the Bangladesh heist was conducted by a criminal gang, not a nation state.