Kaspersky Lab has warned that Lazarus, which was believed to be behind last year’s Bangladesh bank heist, is also responsible for the recent ATM attacks in different parts of the world. The company said this is further proof that the hacking group is also looking at financial gains over its earlier agenda of disrupting governmental and commercial organisations.
“It connected the attack to Lazarus after a detailed malware analysis, through which it found that the malicious code and techniques used in the South Korean ATM attack had similarities with earlier attacks widely attributed to Lazarus, which is said to be a North Korean cybergang. Over 60 ATMs managed by one vendor were infected, and details of over 2,500 credit cards were compromised,” Kaspersky said.
The same attackers were also behind the hit on South Korea’s military agency in which 3,000 server hosts were hit in August 2016, Kaspersky Lab added.
“The language used by the hackers showed a common phrase in some samples and included some odd characters. These characters appear in the Korean Windows version, which we believe was copy-pasted on an English version by the developer,” Vitaly Kamluk, a senior member at Kaspersky Lab, said during the recent Interpol World 2017 cybersecurity conference in Singapore.
“While neither the military nor ATM attacks were huge and damaging, they are evidence of a worrying trend. We believe they are state-sponsored attackers, but this cyber crime gang has the intention of making profits,” said Seongsu Park, a senior security researcher at the firm.