Russian hackers with "loose connections" to Vladimir Putin's government were reportedly behind the massive JPMorgan cyber-heist understood to have hit 83 million households and businesses in the US.
According to the New York Times, nine other Stateside financial institutions were also targeted by wrongdoers involved in the huge data breach.
The identities of those banks and brokerage outfits was not disclosed, however.
The newspaper, citing people briefed on the matter, reported late on Friday that the hackers were believed to be operating from Russia and appeared to have vague links to officials in Putin's administration.
US spooks and policy-makers based in Washington are said to be deeply concerned by the attacks, even though they have publicly kept their cool about the successful hacks, the NYT added.
It's been speculated that the seismic data breach had been carried out as a warning to Wall Street and the US government.
An unnamed senior intelligence official told the paper that the attacks "could be in retaliation for the sanctions” placed on Russia. The insider added: "But it could be mixed motives – to steal if they can, or to sell whatever information they could glean."
Meanwhile, the report also revealed that hackers got their hands on a JPMorgan file containing "a list of every application and program deployed" on the bank's standard computers. The NYT said that "hackers can crosscheck with known, or new, vulnerabilities in each system in a search for a backdoor entry."
Replacing those programs will take time and cost big bucks, apparently.
On Thursday, JPMorgan publicly revealed details of the attack for the first time, after rumours of a serious data breach at the bank started circulating in August, when the FBI was said to be investigating the matter.
The company said that the culprits made off with names, addresses, phone numbers, email addresses and internal JPMorgan information for millions of its customers. The banking giant claimed, however, that no login details – including account numbers and passwords – had been compromised in the cyber-heist.
It's been claimed since the rumours of JPMorgan's data breach first emerged in August that Russian criminals – possibly aided in some way by Putin's government – were behind the attack. ®