Millions Stolen by North Korea-Linked Hacking Group from ATMs in Africa and Asia
The latest report from the cyber security firm Symantec reveals that Lazarus, the infamous North Korea-linked hacking group, is estimated to have stolen millions of dollars from the ATMs of banks in Africa and Asia.
Symantec's research team has uncovered the vital component used by the group in all its recent financial attacks. The operation, called "FASTCash", enabled Lazarus to fraudulently empty ATMs of cash.
According to Symantec's statement late on Thursday (8 November 2018), Lazarus first breaches the networks of the targeted banks and then compromises the switch application servers that handle ATM transactions in order to make the fraudulent withdrawals.
Symantec said that US-CERT, the FBI, the Department of the Treasury, and the Department of Homeland Security issued an alert on 2 October 2018. As per Symantec, "according to this new alert, Hidden Cobra (the US government's code name for Lazarus) has been conducting 'FASTCash' attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016".
Lazarus has been linked to attacks on targets ranging from government agencies to banks across the world, including the attack on Sony Pictures in 2014. More recently, the group has been involved in financially motivated attacks, including the "WannaCry" ransomware outbreak in May 2017 and the $81 million theft from the Bangladesh Central Bank.
In one incident in 2017, cash was withdrawn at the same time from ATMs in more than 30 different countries, according to the US government alert. In a major incident in 2018, cash was withdrawn from ATMs in 23 countries. To date, the FASTCash operation is estimated to have stolen millions of dollars.
The Symantec team explained that "once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs".
The recent string of FASTCash attacks shows that financially motivated attacks can now be considered one of the core activities of the Lazarus group. "Lazarus continues to pose a serious threat to the financial sector, and organisations should take all necessary steps to ensure that their payment systems are fully up to date and secured," Symantec added.
» SPAMfighter News - 11/21/2018