N. Korean Hackers Attacking Cash Machines In India

Hackers with ties to the North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATMs in India. The banking malware, called ATMDTrack, has been active in the country since late last summer, according to the experts at Kaspersky.
 
Their analysis of the malware samples found them to be part of a bigger remote access Trojan (RAT) called DTrack, first detected earlier this month.
 
Calling it a spy tool to attack financial institutions and research centers in India, Kaspersky said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The DarkSeoul attacks targeted high-profile facilities in South Korea, including banks and television broadcasters, as well as some financial companies, in 2013. The campaign was eventually attributed to the Lazarus Group, the main cryptocurrency hacker syndicate known for its ties to the North Korean government.
 
The group has now been included in US sanctions for its notorious attacks on critical infrastructure and for siphoning money from businesses to fund the country’s weapons and missile programs.
 
Collecting Key Logs and Browser Histories
The threat actors behind DTrack embedded their malicious code in an innocuous executable file that was encrypted within the dropper used to install the malware. Aside from disguising itself as a harmless process, the malware can perform a number of operations:
 
• Keylogging
• Retrieving browser history
• Gathering host IP addresses, information about available networks and active connections
• Listing all running processes
• Listing all files on all available disk volumes
 
The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command and control server. 
 
Classifying ATMDTrack as a subset of the DTrack family, Kaspersky researchers said the developers behind the two malware strains are the “same group of people.” Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behavior.
 
“The vast amount of DTrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development,” Kaspersky said.
 
NextWeb: Kaspersky
 