TAIWAN HEIST: LAZARUS TOOLS AND RANSOMWARE

2017-10-16 BAE Systems

http://baesystemsai.blogspot.kr/2017/10/taiwan-heist-lazarus-tools.html

BAE Systems linked the Far Eastern International Bank intrusion to a cyber-enabled heist in which attackers abused systems connected to the SWIFT network and moved funds to overseas beneficiaries. Malware samples uploaded after the incident included known Lazarus tools and Hermes ransomware, with the ransomware assessed as possibly serving as a distraction or cover while the theft was underway. The Bitsran loader established registry persistence, attempted to kill Trend Micro services, unpacked an embedded polyglot ZIP payload, and spread across the internal network using hardcoded FEIB-related credentials and SMB access to a list of more than 5,000 IP addresses. Hermes deleted shadow copies and backup files before encrypting local and network resources, while other samples matched Lazarus backdoors previously associated with watering-hole activity in Poland and Mexico. The case matters because it combined bank-fraud operations, internal reconnaissance, credential use, lateral movement, destructive ransomware behavior, and Lazarus-linked tooling in one intrusion.

Indicators of Compromise

Type   Value                             First Seen   Last Seen
YARA   Hermes2_1                         2017-10-16   2017-10-16
HASH   b27881f59c8d8cc529fa80a58709db36  2017-10-16   2017-10-16