Home News Kaspersky: S. Korea cyber-espionage attack possible tie with Lazarus

Kaspersky: S. Korea cyber-espionage attack possible tie with Lazarus

Author

Date

Category

- Advertisement -

Kaspersky Lab said today its researchers have connected a 2016 cyber-espionage attack on South Korea’s defense agency with a later attack that infected 60 ATMs and stole the data from over 2,000 credit cards.

This was made possible following a detailed malware analysis, said Kaspersky. 

Further, the malicious code and techniques used in both attacks share similarities with earlier attacks widely attributed to the infamous Lazarus group, responsible for series of devastating attacks against commercial and government organizations around the world.

- Advertisement -

“While neither the military nor the ATM attacks were huge and damaging, they are evidence of a worrying trend.  South Korea has been the target of cyberespionage attacks since at least 2013, but this is the first time that its ATMs have been targeted purely for financial gain. 

“If the connections we found are accurate, this is yet another example of the Lazarus group turning its attention and considerable malicious arsenal to profiteering.  Banks and other financial institutions need to fortify their defenses before it’s too late,” said Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

In August 2016, a cyberattack on South Korea’s Ministry of National Defense infected around 3,000 hosts.

The Defense Agency reported (Korean) the incident publically in December 2016, admitting that some confidential information could have been exposed.

Six months later, at least 60 ATMs in South Korea, managed by a single local vendor, were compromised with malware.

The incident was reported (Korean)by the Financial Security Institute and, according to the Financial Supervisory Service, resulted in the theft of the details of 2,500 financial cards and the illegal withdrawal in Taiwan of approximately 2,500 USD from these accounts.

Kaspersky Lab researched the malware used in the ATM incident and discovered that the machines were attacked with the same malicious code used to hit the Korean Ministry of National Defense in August 2016.

Exploring the connection between these attacks and earlier hacks, Kaspersky Lab has found similarities with the DarkSeoul malicious operations, and others, which are attributed to the Lazarus hacking group.

The commonalities include, among other things, the use of the same decryption routines and obfuscation techniques, overlap in command and control infrastructure, and similarities in code.

Lazarus is an active cybercriminal group believed to be behind a number of massive and devastating cyberattacks worldwide including the Sony Pictures hack in 2014 and the $81 million Bangladesh Bank heist last year.

 

 

Send in your scoop to news@theindependent.sg 

- Advertisement -

JTC issues stop-work order on contractor that ‘erroneously’ cleared Kranji woodlands

Singapore – The contractor that “erroneously” cleared a forested area at Kranji has announced it has been issued a stop-work order by JTC and is assisting the developer with investigations on the issue. On Feb 16, state-owned industrial property developer JTC responded...

Clementi, Dover, Kranji: Singapore’s grand conservation plan is to plant trees and destroy forests

Yes, we love to plant trees. Since Lee Kuan Yew started the whole ritual, at least 10,000 saplings are planted every year since 1963 as part of the Tree Planting campaign. Impressive indeed. Singapore Clean and Green. At the same time,...

Ex-UOB vice-president charged with mishandling over S$5.4 million

Singapore—Sixty-five-year-old Ling Shek Lun, who used to be a  vice-president at UOB, has been charged with mishandling millions of dollars, reported straitstimes.com (ST) on Friday (Feb 19). Ling, a Singaporean who was charged in district court on Feb 10, faces two charges...

Send in your scoop to news@theindependent.sg 

Theindependent