Breach taxonomy
Summary
On February 21, 2024, the Federal Home Loan Bank of New York detected an attempt by unknown persons to fraudulently obtain funds from the Bank. Investigation determined that a fourth-party vendor (a vendor of a Bank vendor) had been compromised, enabling the fraud attempt. The Bank's own IT systems and networks were not compromised, no unauthorized transactions were executed, and no funds were transferred. Bank members were able to continue transacting throughout the incident.
Tagging rationale
ThreatCyber Criminals
Filing describes an attempt to fraudulently obtain funds via a compromised vendor — consistent with financially motivated cybercriminals; no explicit attribution but financial fraud motive is clear.
MethodsSupply Chain
Filing explicitly states the incident was caused by a fourth-party vendor (a vendor of a Bank vendor) being compromised — a supply chain attack vector.