N. Korean Hackers Attacking Cash Machines In India

Hackers with ties to the North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATMs in India. The banking malware, called ATMDTrack, has been active in the country since late summer 2018, according to researchers at Kaspersky.
 
Their analysis of the malware samples found them to be part of a larger remote access Trojan (RAT) family called DTrack, first reported earlier this month.
 
Describing it as a spy tool used against financial institutions and research centres in India, Kaspersky said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The 2013 DarkSeoul attacks hit high-profile targets in South Korea, including banks, television broadcasters and other financial companies. The campaign was later attributed to the Lazarus Group, the hacking syndicate known for large crypto-currency thefts and for its ties to the North Korean government.
 
The group has since been placed under US sanctions for its attacks on critical infrastructure and for siphoning money from businesses to fund the country’s weapons and missile programs.
 
Collecting Key Logs and Browser Histories
The threat actors behind DTrack hid their malicious code inside an innocuous-looking executable, keeping the payload encrypted within the dropper used to install the malware. Besides disguising itself as a harmless process, the malware can perform a number of operations:
 
• Keylogging
• Retrieving browser history
• Gathering host IP addresses, information about available networks and active connections
• Listing all running processes
• Listing all files on all available disk volumes
 
The collected data is then archived as a password-protected file that is either saved to disk or sent to a command-and-control (C2) server.
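Staging collected data in a password-protected archive is something a defender can hunt for without knowing the password, because archive formats record the encryption state in the entry headers. The script below is an added example written for this page; it is not code from the original article or from Kaspersky. The article does not name the archive format, so the script assumes ZIP (where bit 0 of each entry’s general-purpose flag marks it as encrypted) and scans for that flag in any file that starts with the ZIP local-header magic, regardless of extension, since a staged file need not carry a .zip name. The sample archives it writes are constructed in the script itself.

```python
"""Hunt for password-protected ZIP archives staged on disk.

Added example for this article; not code from the original page or from
Kaspersky. ASSUMPTION: the staging format is ZIP, where every encrypted
entry has bit 0 of its general-purpose flag set. The scanner keys on that
flag and identifies archives by magic bytes rather than by extension.
"""
import io
import os
import struct
import tempfile
import zipfile

ZIP_LOCAL_MAGIC = b"PK\x03\x04"     # local file header signature
ZIP_CENTRAL_MAGIC = b"PK\x01\x02"   # central directory header signature
FLAG_ENCRYPTED = 0x0001             # general-purpose flag bit 0: entry is encrypted


def encrypted_entries(data: bytes) -> list:
    """Return the names of entries whose encrypted flag is set, or [] for non-ZIP input.

    zipfile only needs the central directory to list entries, so this works
    without knowing the password.
    """
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & FLAG_ENCRYPTED]
    except zipfile.BadZipFile:
        return []


def scan_tree(root: str) -> list:
    """Walk root and return the paths of ZIP archives that contain encrypted entries."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            # Identify archives by magic, not extension: staged files may be renamed.
            if data.startswith(ZIP_LOCAL_MAGIC) and encrypted_entries(data):
                hits.append(path)
    return sorted(hits)


def make_sample_zip(encrypted: bool) -> bytes:
    """Constructed test data: a one-entry ZIP.

    With encrypted=True the encrypted flag is set in both the local and the
    central header by patching the bytes; the payload itself is left as is,
    because the flag, not the content, is what the hunt keys on.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr("keylog.txt", b"constructed sample content\n")
    data = bytearray(buf.getvalue())
    if encrypted:
        local_flags = data.find(ZIP_LOCAL_MAGIC) + 6      # flags at offset 6 of local header
        central_flags = data.find(ZIP_CENTRAL_MAGIC) + 8  # flags at offset 8 of central header
        for off in (local_flags, central_flags):
            flags = struct.unpack_from("<H", data, off)[0] | FLAG_ENCRYPTED
            struct.pack_into("<H", data, off, flags)
    return bytes(data)


def demo() -> list:
    """Write one flagged and one plain sample into a temp dir and return the hits' basenames."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "staged.bin"), "wb") as fh:  # no .zip extension on purpose
            fh.write(make_sample_zip(encrypted=True))
        with open(os.path.join(root, "plain.zip"), "wb") as fh:
            fh.write(make_sample_zip(encrypted=False))
        return [os.path.basename(p) for p in scan_tree(root)]


if __name__ == "__main__":
    print(demo())   # ['staged.bin']
```

Run it against user profile, temp and web-cache directories on a suspect host; an encrypted archive in a location where no user or backup job writes archives is a lead, not a verdict, and should be paired with the process and network telemetry that produced it. Other archive formats store the equivalent flag elsewhere and would need their own check.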
 
Classifying ATMDTrack as a subset of the DTrack family, Kaspersky researchers said the developers behind the two strains are the “same group of people.” Given the sophistication of the operation, targeted organisations are advised to tighten their network and password policies and to monitor network traffic for suspicious behavior.
 
“The vast amount of DTrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development,” Kaspersky said.
 
Sources: NextWeb, Kaspersky
 