Exposed Targeted Malware Employed in Attacks on Polish Banks
In recent weeks, cyber criminals launched malware attacks against banks in Poland, a campaign that could be part of a far more widespread operation in which over thirty countries were targeted.
Security companies BAE Systems and Symantec have established a connection between the malicious software used in the Polish attacks and similar attacks that have occurred since 2016 in several other countries. Similarities among the techniques and tools used indicate that the group responsible is the well-known Lazarus gang.
The affected institutions are in countries including Uruguay and Mexico, while more prominent targets have been chosen across many other countries. The attacks have several interesting aspects: the targets, the compromise vector, and the exact characteristics of the malicious executables.
While the targets and the compromise vector have been studied in much detail, the malicious binaries themselves have yet to receive the necessary attention. Welivesecurity.com posted this online on February 16, 2017.
Lazarus carried out a "watering hole" attack, inserting code into targeted websites so that users would be redirected to an exploit kit customized for the attack. The same code that was detected on the site of the Polish Supervision Authority, from where the Polish attacks were triggered, was found infecting the websites of Banco de la Republica Oriental de Uruguay, the state-owned Uruguayan bank, and the Mexican National Banking and Stock Commission.
According to security investigators from Symantec, the Internet Protocol addresses tied to the targets belong to a total of 104 separate institutions and organizations based in 31 separate nations. Most of these institutions and organizations are banks, while a few Internet companies and telecoms are also on the list.
Lazarus' operations date back to 2009, and the gang chiefly targets South Korea and the United States. The gang was seemingly involved in an $81m heist from Bangladesh's central bank in 2016.
The attackers know pretty well what they're doing. Naturally, that puts the incident response teams (IRT) of the different targets on high alert.
» SPAMfighter News - 21-02-2017