Re: Gained persistent access to internal bank network
Did it ever occur to you that the attackers use that approach called "conceal and camouflage".
For starters, run the C&C comms through Google Mail. Or through a hacked wordpress site which is popular in the finance industry. Nicely encrypt it in https so that your funny firewall sees just noise. Or camouflage as the traffic of a internet banking client.
Then(or alternatively) gather the credentials of the sys admins, conquer the firewall and install some malware to filter out the nefarious traffic. It happened at Sony America...
No, we really need unhackable computers rather sooner than later.