BENGALURU: Cybersecurity firm Kaspersky Lab has warned that the infamous hacking group Lazarus, which was believed to be behind last year’s Bangladesh bank heist and the 2014 attack on Sony Pictures, is also responsible for the recent ATM attacks in different parts of the world. This includes the cyberattacks that hit several ATMs in South Korea earlier this year. The company said this is further proof that the hacking group is also looking at financial gains over its earlier agenda of disrupting governmental and commercial organisations.
The Russian company said it connected the attack to Lazarus after a detailed malware analysis, through which it found that the malicious code and techniques used in the South Korean ATM attack had similarities with earlier attacks widely attributed to Lazarus, which is said to be a North Korean cybergang. Over 60 ATMs, managed by one vendor was infected, and details of over 2,500 credit cards were compromised.
The same attackers were also behind the hit on South Korea’s military agency in which 3,000 server hosts were hit in August 2016, Kaspersky Lab said.
“The language used by the hackers showed a common phrase in some samples and included some odd characters.These characters appear in the Korean Windows version, which we believe was copy-pasted on an English version by the developer,“ Vitaly Kamluk, a senior member at Kaspersky Lab, said during the recent Interpol World 2017 cybersecurity conference in Singapore.
“While neither the military nor ATM attacks were huge and damaging, they are evidence of a worrying trend. We believe they are state-sponsored attackers, but this cyber crime gang has the intention of making profits,“ said Seongsu Park, a senior security researcher at the firm.
The hackers had breached Bangladesh’ central banking system and stole $81 million last year.