SWIFT attackers’ malware linked to more financial attacks
2016-05-26 • Symantec
Symantec found that the group behind the Bangladesh Bank SWIFT theft and the attempted Tien Phong Bank transfer also deployed malware against a bank in the Philippines. The activity used tools including Trojan.Banswift and Backdoor.Contopee variants, with distinctive shared wiping code connecting the Bangladesh attack, earlier Vietnam-linked activity, and other limited targeted attacks on Southeast Asian financial institutions. Backdoor.Contopee had previously been associated with Lazarus, and the report notes historical links between Lazarus activity and destructive attacks such as the Sony Pictures intrusion. The findings matter because they indicate the SWIFT-focused bank intrusions were part of a broader, adaptive campaign against regional financial targets rather than isolated fraud events.