North Korean hackers using fresh malicious program to attack ATM machines

Hackers from North Korea are employing one fresh malware strain which they developed to install onto ATM machines for intercepting data and grabbing the same from cash withdrawal cards once fitted inside the machines, reports Moscow-based security company Kaspersky Lab. The malware, which the company's researchers dubbed ATMDtrack, was found attacking Indian ATMs starting 2018 summer. ATMDtrack lets attackers to view data as also store it after accessing it from cards fitted inside the infected ATMs.

Investigating further the researchers discovered the ATM malicious program as being clubbed with one larger RAT (remote access trojan) which performs conventional espionage operations. Known as Dtrack, its employment occurred just this month (September) for attacking research centers and financial institutions. It's said those attacks' culprit was the widely known Internet spying group Lazarus that operates on behalf of North Korea government.

Listed among the 3 hackers' syndicates Lazarus too was slapped sanction from the United States Treasury as recently as 10 days back because they ran well-organized cyber-attacks against banking institutions, ATM networks, crypto-currency exchanges, online casinos, and gambling sites for theft of funds to be used for amassing weapons as also spending on missile programs of the country. www.zdnet.com posted this, September 23, 2019. During late-2014 after Sony Pictures was brutally hacked, Lazarus reportedly got caught in many security investigators' radars.

Also according to Kaspersky, entities, which got targeted with Dtrack a remote administration tool (RAT), usually work with poor policies of network security as well as similar password standards, and they further remain unsuccessful in tracking intra traffic.

If Dtrack is effectively implemented, the spying program is capable of listing the entire range of available files along with active processes, host Internet Protocol addresses, browser history, and key logging, including details of existing networks together with turned-on connections.

With Dtrack samples being numerous, it shows Lazarus as a highly active Advanced Persistent Threat (APT) group that steadfastly creates threats as well as evolves them suiting to impact big industrial entities. Lazarus' effective employment of Dtrack hits the point that despite any threat looking to vanish, the RAT may resurrect as one separate guise for attacking fresh targets.

» SPAMfighter News - 9/27/2019