Explore the latest news and trends  

Sign up for our weekly security newsletter

Be the first to receive important updates on security


Millions Stolen by North Korea-Linked Hacking Group from Atms in Africa and Asia

The latest report from Symantec, the cyber security firm, has revealed that North Korea-linked infamous hacking group called Lazarus has been estimated to have stolen millions of dollars from the ATMs of banks in Africa and Asia.


The research team of Symantec has uncovered the vital component that was used by the group in all its recent financial attacks. This operation, called "FASTCash", enabled the Lazarus to empty the cash ATMs fraudulently.


As per Symantec's statement on late Thursday (i.e. on 8 November, 2018), Lazarus first breaches the networks of the targeted banks' and then compromises switch application servers that were handling the ATM transactions for making the fraudulent withdrawals.


Symantec said that US-CERT, the FBI, the Department of the Treasury, and the Department of Homeland Security have issued an alert on 2 October, 2018. As per Symantec, "according to this new alert, Hidden Cobra (the US government's code name for Lazarus) has been conducting "FASTCash" attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016".

Lazarus, the hacking group, was linked to several attacks against everything from government agencies to banks across the world, which also includes the attack on Sony Pictures in the year 2014. In recent times, Lazarus gets involved in the financially motivated attacks, which includes the outbreak of "WannaCry" ransomware in May 2017 and $81 million theft in Bangladesh Central Bank.


One of the incidents of 2017 saw withdrawal of cash at the same time from ATMs in more than 30 different countries, as per US government alert. In a major incident of 2018, cash was withdrawn from ATMs of 23 countries. Till now, the FASTCash operation of Lazarus has been predicted to have stolen millions of dollars.


The Symantec team explained that "once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs".


The recent string of FASTCash attacks shows that the financially motivated attacks can be considered now as one of the core activities of the Lazarus group. "Lazarus continues to pose a serious threat to the financial sector, and organisations should take all necessary steps to ensure that their payment systems are fully up to date and secured," Symantec added.

» SPAMfighter News - 11/21/2018

3 simple steps to update drivers on your Windows PCSlow PC? Optimize your Slow PC with SLOW-PCfighter!Email Cluttered with Spam? Free Spam Filter!

Dear Reader

We are happy to see you are reading our IT Security News.

We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!

Go back to previous page