Hermes Ransomware Employed by North Korean Hackers for a Recent Bank Theft
A cybercrime ring associated with North Korea and suspected of attacking the central bank of Bangladesh last year is believed to be responsible for the recent robbery of $60 million from a Taiwanese bank, cyber security experts have confirmed. According to the evidence, Lazarus Group, a notorious hacking crew believed to operate outside North Korea's territory, is the culprit behind the recent hack of Taiwan's Far Eastern International Bank (FEIB).
Sri Lankan officials announced that they had arrested an individual for withdrawing $195,000 and attempting to cash out another $52,000, sent from Taiwan, from three different local bank accounts at the Bank of Ceylon. A day later, another person was arrested. The incident drew the attention of international media because it was the latest in a series of bank thefts in which crooks used malware to take over a bank's SWIFT account and abuse the SWIFT inter-banking transaction system to transfer money to new destinations, as reported by bleepingcomputer.com on 17th October 2017.
The suspected group, Lazarus, is believed to have long been linked to financial cybercrime. Furthermore, according to BAE experts, the group is behind the Bangladesh Bank theft and is also responsible for similar thefts at banks in Poland and Mexico.
Lazarus uses employee credentials to access a bank's SWIFT account and transfer money to different banks in Cambodia, the U.S., and Sri Lanka. According to the experts, these transactions carried the MT202COV and MT103 transaction codes, but an error in the use of the MT202COV codes enabled the bank to identify the breach.
Security professionals have also linked Lazarus to the WannaCry attack, a ransomware assault launched in May that hit more than 200,000 desktops across more than 100 countries. The attack targeted Windows systems lacking the latest security patches.
Despite its continued efforts to get onto the bank's payment systems, the Lazarus group still finds it difficult to get the cash, as the payments were reversed soon after the attack was disclosed. The group may be identifying new victims or planning new tricks to achieve its goals, such as different message formats and the use of ransomware across the network in order to successfully carry out its other activities.
» SPAMfighter News - 26-10-2017