Redbanc security breach linked to Lazarus Group

 

Redbanc, Chile's interbank network, was subjected to a cyber attack during December 2018. The incident has only just been disclosed and has been associated with Lazarus, the APT (advanced persistent threat) syndicate linked to North Korea. Redbanc runs in collaboration with twenty-one banks in Chile and is responsible for operating a total of 3,688 ATMs in the country.

 

According to security researchers at Flashpoint, the Redbanc attack used a malware toolkit called PowerRatankba, which is associated with the APT syndicate and is said to be the most recent tool affiliated with Lazarus. The toolkit is employed in financially motivated operations aimed at Latin America's financial institutions.

 

The researchers explain that the intrusion into Redbanc happened through malware delivered from the system of a trusted IT professional at the interbank network, who had followed a web link on social media to apply for a job. The applicant was eventually duped into unwittingly running the malicious program.

 

However, according to TrendTIC, the intrusion in fact came through a Redbanc PC that had contracted the infection. Lazarus had apparently posted a well-paid job opening for a software developer on the professional social media site LinkedIn as a lure. Once the potential victim was fully convinced that the recruitment was authentic, he was instructed to load a program named "ApplicationPDF.exe" in order to complete the application.

 

Although AV software was running on the PC, it failed to detect the malware, and as a result PowerRatankba was loaded onto the system. Subsequently, the network's contact nodes were opened up to the hackers, who gained access to information including computer usernames, running processes, proxy settings, OS details, RDP connection status, and SMB and RPC shares. www.technadu.com reported this on January 16, 2019.

 

According to a press release from Redbanc, the hackers could not carry the infection into any subsequent phases to deliver more intrusive programs onto the compromised system, because the company's experts discovered the infection and quarantined the affected computer.
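Because the antivirus on the infected PC missed the malware, a check on file name and launch location in process-creation logs is one complementary way to surface a lure such as "ApplicationPDF.exe". The following is an added example, not part of the original article or any vendor's tooling; the event fields, host names, paths and the list of user directories are constructed assumptions.

```python
import ntpath
import re

# Document-type words that should not appear in an executable's file name.
DOC_TOKENS = ("pdf", "doc", "docx", "xls", "xlsx", "rtf")
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
# User-writable locations where downloaded files usually land (assumed policy).
USER_DIRS = re.compile(
    r"\\users\\[^\\]+\\(downloads|desktop|appdata\\local\\temp)\\", re.I)

def masquerade_reason(image_path):
    """Return why an executable's name imitates a document, or None."""
    name = ntpath.basename(image_path).lower()
    stem, ext = ntpath.splitext(name)
    if ext not in EXEC_EXTS:
        return None
    # "offer.pdf.exe": a document extension hidden before the real one.
    inner_ext = ntpath.splitext(stem)[1].lstrip(".")
    if inner_ext in DOC_TOKENS:
        return "double extension"
    # "ApplicationPDF.exe": document type appended to the name itself.
    for tok in DOC_TOKENS:
        if stem.endswith(tok) and len(stem) > len(tok):
            return "document type in name"
    return None

def triage(events):
    """Return (host, image, reason) for executions an analyst should review."""
    alerts = []
    for ev in events:
        reason = masquerade_reason(ev["image"])
        # Installed software under Program Files is ignored to limit noise.
        if reason and USER_DIRS.search(ev["image"]):
            alerts.append((ev["host"], ev["image"], reason))
    return alerts

# Constructed sample process-creation events (not data from the incident).
SAMPLE_EVENTS = [
    {"host": "ws-014", "image": r"C:\Users\jdoe\Downloads\ApplicationPDF.exe"},
    {"host": "ws-014", "image": r"C:\Program Files\Vendor\ReaderPDF.exe"},
    {"host": "ws-022", "image": r"C:\Users\amora\Desktop\offer.pdf.exe"},
    {"host": "ws-031", "image": r"C:\Users\amora\Downloads\setup.exe"},
    {"host": "ws-031", "image": r"C:\Users\amora\Documents\report.pdf"},
]

if __name__ == "__main__":
    for host, image, reason in triage(SAMPLE_EVENTS):
        print(f"{host}: {image} ({reason})")
```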

 

» SPAMfighter News - 1/21/2019
