N. Korean Hackers Attacking Cash Machines In India

Uploaded on 2019-10-01 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Financial, INTELLIGENCE--International, INTELLIGENCE-Hot Spots-North Korea, TECHNOLOGY--Hackers

Hackers with ties to North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATM machines in India. The banking malware called ATMDTrack, has been active in the country since late last summer, according to the experts at  Kaspersky.
 
Their analysis of the malware samples  found them to be part of a bigger remote Trojan (RAT) called DTrack, first detected earlier this month.
 
Calling it a spy tool to attack financial institutions and research centers in India, Kapsersky said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The DarkSeoul attacks targeted high-profile facilities in South Korea, including banks and television broadcasters, as well as some financial companies in 2013.The campaign was eventually said to be by the Lazarus Group the main crypto-currency hacker syndicate known for its ties to the North Korean government.
 
The group now has been included in US sanctions for its notorious attacks on critical infrastructure and siphon money from businesses to fund the country’s weapons and missile programs.
 
Collecting Key Logs and Browser Histories
The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dropper used to install the malware. Aside from disguising itself as a harmless process, the malware can perform a number of operations:  
 
• Keylogging
• Retrieving browser history
• Gathering host IP addresses, information about available networks and active connections
• Listing all running processes
• Listing all files on all available disk volumes
 
The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command and control server. 
 
Classifying ATMDTrack as a subset of the DTrack family, Kaspersky researchers said the developers behind the two malware strains are the “same group of people.” Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behavior.
 
“The vast amount of DTrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development,” Kaspersky said.
 
NextWeb:        Kaspersky
 
You Might Also Read: 
 
US Releases Malware Linked To N. Korean Hacking Group:
 
« Iran Denies It Has Suffered Attacks On Its Oil Production
IT Governance - FREE Guide »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

PubNub

PubNub

PubNub enables developers to build secure realtime Mobile, Web, and IoT Apps.

Fasoo

Fasoo

Fasoo provides data-centric security to protect data within the organizational perimeter and beyond by limiting access to sensitive data according to policies that cover both users and activities.

Threat Intelligence

Threat Intelligence

Threat Intelligence is a specialist security company providing penetration testing, threat intelligence, incident response and training services.

Inseego

Inseego

Inseego provides Enterprise SaaS solutions and IoT & Mobile solutions, which together form the backbone of intelligent, reliable and secure IoT services with deep business intelligence.

EvoNexus

EvoNexus

EvoNexus is a technology startup incubator with locations in San Diego, Orange County, and Silicon Valley.

Africa ICS Cyber Security Conference

Africa ICS Cyber Security Conference

Africa's largest ICS Cyber Security Conference and Expo. The only platform that will proudly present top level B2B and B2C networking opportunities.

MISP Project

MISP Project

The MISP threat sharing platform is a free and open source software helping information sharing of threat intelligence including cyber security indicators.

Protected Media

Protected Media

Protected Media’s advanced cybersecurity ad fraud solution guards you against current and emerging threats across Connected TV, Display and Video advertising.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

CyberHub

CyberHub

CyberHub is an educational platform that offers professional courses and knowledge sharing through articles and videos to help students discover their potential in cybersecurity.

Klaatu IT Security (KITS)

Klaatu IT Security (KITS)

Klaatu IT Security is a boutique provider of cyber security services, empowering our clients to prioritise and reduce their cyber risk.

Allot

Allot

Allot are a global provider of leading innovative network intelligence and security solutions for Service Providers and Enterprises worldwide.

Secuvy

Secuvy

Secuvy leads in data security, privacy, compliance, and governance, offering a unified platform for proactive data discovery, management, protection, and enhanced data value.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

Convergence Networks

Convergence Networks

Convergence Networks is one of North America's leading Managed Services & Security Providers.

Quantum Dice

Quantum Dice

Quantum Dice is an award-winning venture-backed spinout from Oxford University’s world-renowned quantum optics laboratory.