Cybersecurity company Symantec said the hackers who stole $81 million from Bangladesh’s central bank have been linked to an attack on a bank in the Philippines, in addition to the 2014 hack on Sony Pictures. A minimum of three banks have currently come forward to report financial attacks based on the SWIFT hack. Apart from the well-publicized Bangladesh cyber theft, the Tien Phong Bank in Vietnam also reported that it had been targeted by the hackers in May, although they were able to successfully halt the transfer of $1m.

The security researchers who revealed this information in a blog post on Thursday also said the same malware used by the group was also utilized in attacks against a bank in the Philippines. Additionally, some of the tools used by the hackers share similar code with malware used in previous attacks linked to a cyber threat group referred to as Lazarus, according to Symantec.

Three distinct pieces of malware identified by Symantec were being used in limited targeted attacks against the financial industry in South-East Asia. They are Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

 At first, it was unclear what the motivation behind these attacks were, however code sharing between Trojan.Banswift (used in the Bangladesh attack used to manipulate SWIFT transactions) and early variants of Backdoor.Contopee provided a connection, said Symantec.

The link is not conclusive, however. Hacking groups often share and sell code, and the Sony Pictures hack is several degrees removed from the Swift attacks.

Another cybersecurity firm, BAE Systems, said this month that the distinctive computer code used to erase the tracks of hackers in the Bangladesh Bank heist was similar to code used to attack Sony.