SWIFT Hackers Linked to ‘North Korean’ Lazarus Group

The recent SWIFT attacks on banks across the globe have links to the infamous Lazarus Group pegged for the Sony Pictures Entertainment hack, according to Symantec.

The security giant explained in a blog post that it identified three pieces of malware used in a newly discovered set of attacks on South-east Asian banks: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

On closer inspection it discovered code sharing between early variants of Backdoor.Contopee and Trojan.Banswift – which was used in the $81 million heist at the Bangladesh Bank.

“Symantec believes distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group,” it explained.

This means that at least one more bank, in the Philippines, is likely to have been attacked by the Swift hackers that have already been pegged for raids on the Bangladesh Bank, Vietnam’s Tien Phong bank and Ecuador’s Banco del Austro.

However, Backdoor.Contopee also provides a link to the Lazarus gang, which has been observed using the same malware. This raises the prospect that the hackers who attacked Bangladesh Bank and others are North Korean state-sponsored operatives.

Lazarus is linked to a string of attacks since 2009 aimed at US and South Korean organizations. “The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack,” explained Symantec.

“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.”

Global bank transfer messaging organization Swift responded this week by launching a five-point plan for its members designed to fortify their defenses against future attacks.

One of its main tenets is better information sharing within the industry, which Swift says it will help co-ordinate.

Given the level of sophistication in the attacks against Bangladesh Bank and others, it has been suggested in the past that those who carried them out could be insiders.

Infosecurity

« Open Source Intelligence Can Predict Terrorist Attacks
Real-life RoboCop Will Replace Human Cops By 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

ON-DEMAND WEBINAR: Navigating cloud security: The importance of posture management tools

Watch this webinar to see how cloud security posture management (CSPM) tools can fit into your cloud security strategy.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

QinetiQ

QinetiQ

QinetiQ is one of the world's leading defence technology and security companies. Areas of activity include air, land, sea and space systems, weapons, robotics, C4ISR and cyber security.

SecureAuth

SecureAuth

SecureAuth delivers cutting edge identity and information security solutions for cloud, mobile, web, and VPN systems.

Paladion

Paladion

Paladion is a provider of managed IT security services.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

Accertify

Accertify

Accertify is a leading provider of fraud prevention, chargeback management, and payment gateway solutions.

GoCyber

GoCyber

GoCyber is a new, highly innovative cyber security training app that uses action based learning to significantly improve the online behaviour of all employees in less than a month.

CloudSphere

CloudSphere

CloudSphere’s flagship Cloud Governance Platform enables enterprises and cloud service providers to simplify and optimize cloud migration, management, and governance.

Gigit

Gigit

Gigit’s Service portfolio focuses on your business’ needs and the integration of comprehensive cybersecurity policies, plans, procedures, and practices into your business culture and operations.

IDX

IDX

IDX is the leading consumer privacy platform built for agility in the digital age.

Information & Communications Technology Association of Jordan (int@j)

Information & Communications Technology Association of Jordan (int@j)

The Information & Communications Technology Association of Jordan is a membership based ICT and IT Enabled Services (ITES) industry advocacy, support and networking association.

Knowledge Lens

Knowledge Lens

Knowledge Lens builds innovative solutions on niche technology areas such as Big Data Analytics, Data Science, Artificial Intelligence, Internet of Things, Augmented Reality, and Blockchain.

Information Services Group (ISG)

Information Services Group (ISG)

As a leading global research and advisory firm, ISG partners with our clients to determine a future vision, lead rapid change and realize the value of your digital investments at scale.

Forta

Forta

Forta is a real-time detection network for security & operational monitoring of blockchain activity.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

OxCyber

OxCyber

OxCyber's mission is to ignite and encourage cybersecurity and technology growth in the Thames Valley through meetings, webinars, in person events, workshops and mentorship programs.