North Korea hackers attacking banks worldwide
April 5, 2017 | Expert Insights
North Korea's hacking operations are growing and getting more bold -- and increasingly targeting financial institutions worldwide. North Korea is now being linked to attacks on banks in 18 countries, according to a new report from Russian cybersecurity firm Kaspersky.
What was contained in the report?
Banks and security researchers have previously identified four similar cyber-heists attempted on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam. But researchers at Kaspersky now say the same hacking operation -- known as "Lazarus" -- also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
One recent example is a trap set at the website of Poland's financial regulator. Hackers embedded malicious code onto that Polish website, according to BAE Systems. And they limited the infections to visitors from particular internet addresses -- employees at banks.
The code showed that Lazarus hackers created a list of 150 internet addresses that served as "a hit list," said Eric Chien, a researcher at Symantec, which issued its own warning about North Korea hacking earlier this year
Analysis
Hackers typically launch cyberattacks from computer servers far from home to avoid attribution. The Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to setup the attack server. But there was apparently one mistake: A connection that briefly came from North Korea. In February 2016, when hackers attacked Bangladesh’s central bank, it was found that a similar code was used.
In 2013, when South Korea's banks and broadcasters were attacked, that government blamed its neighbour to the north. In 2014, the US government blamed North Korea for the hack on Sony Pictures. Clues in both cases pointed to Lazarus.
Assessment
The immediate provocation seems to be a retaliation by North Korea against the global community who have been trying to prevent them from accessing global financial systems.
Comments