The hackers infiltrated the networks of the banks, siphoning off gigabytes of data, including checking and savings account information, in what security experts described as a sophisticated cyber attack.
The motivation and origin of the attacks are not yet clear, according to investigators. The FBI is involved in the investigation, and in the past few weeks a number of security firms have been brought in to conduct forensic studies of the penetrated computer networks.
It was not clear whether the attacks were financially motivated, or they were collecting intelligence as part of an espionage effort.
“Companies of our size unfortunately experience cyber attacks nearly every day,” said Patricia Wexler, a JPMorgan spokeswoman. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”
J. Peter Donald, an FBI spokesman in New York, declined to comment, citing the current investigation.
The intrusions were first reported by Bloomberg, which indicated that they were the work of Russian hackers. But security experts and government officials said they had not yet made that conclusion.
Earlier this year, iSight Partners, a Dallas-based security firm that provides intelligence on online threats, warned companies that they should be prepared for cyber attacks from Russia in retaliation for Western economic sanctions.
But Adam Meyers, the head of threat intelligence at Crowd Strike, a security firm that works with JPMorgan and other banks, said that it would be “premature” to suggest the attacks were motivated by sanctions. Meyers said he could not speak specifically about JPMorgan or any of his company’s clients.
U.S. intelligence officials said the group was actually a cover for the Iranian government. Officials claimed Iran was waging the attacks in retaliation for Western economic sanctions and for a series of cyberattacks on its own systems.
Banks are also frequent targets for intelligence agencies looking to collect information about their targets. In 2012, Russian security researchers uncovered a computer virus on 2,500 computers, many of them inside major Lebanese banks, including the Bank of Beirut, Blom Bank, Byblos Bank and Credit Libanais. The virus was specifically designed to steal customers’ login credentials to their bank accounts.
The researchers believed the computer virus was state-sponsored and said they had found evidence it had been created by the same programmers who created Flame and Stuxnet, two computer viruses that officials have said were launched by the United States and Israel to spy on computers inside Iran.