SWIFT Hackers Linked to ‘North Korean’ Lazarus Group

The recent SWIFT attacks on banks across the globe have links to the infamous Lazarus Group pegged for the Sony Pictures Entertainment hack, according to Symantec.

The security giant explained in a blog post that it identified three pieces of malware used in a newly discovered set of attacks on South-east Asian banks: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

On closer inspection it discovered code sharing between early variants of Backdoor.Contopee and Trojan.Banswift – which was used in the $81 million heist at the Bangladesh Bank.

“Symantec believes distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group,” it explained.

This means that at least one more bank, in the Philippines, is likely to have been attacked by the Swift hackers that have already been pegged for raids on the Bangladesh Bank, Vietnam’s Tien Phong bank and Ecuador’s Banco del Austro.

However, Backdoor.Contopee also provides a link to the Lazarus gang, which has been observed using the same malware. This raises the prospect that the hackers who attacked Bangladesh Bank and others are North Korean state-sponsored operatives.

Lazarus is linked to a string of attacks since 2009 aimed at US and South Korean organizations. “The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack,” explained Symantec.

“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.”

Global bank transfer messaging organization Swift responded this week by launching a five-point plan for its members designed to fortify their defenses against future attacks.

One of its main tenets is better information sharing within the industry, which Swift says it will help co-ordinate.

Given the level of sophistication in the attacks against Bangladesh Bank and others, it has been suggested in the past that those who carried them out could be insiders.

Infosecurity

« Open Source Intelligence Can Predict Terrorist Attacks
Real-life RoboCop Will Replace Human Cops By 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Conscio Technologies

Conscio Technologies

Conscio Technologies is a specialist in IT security awareness. Our solutions allow you to easily manage innovative online IT awareness campaigns.

QNAP Systems

QNAP Systems

QNAP Systems, Inc. delivers world class network attached storage (NAS) and network video recorder (NVR) solutions.

CionSystems

CionSystems

CionSystems provides identity, access and authentication solutions to improve security and streamline IT infrastructure management.

Genua

Genua

Genua is a specialist in IT security services and solutions ranging from network and infrastructure security to encrypted comms and industrial automation.

Information Systems Security Partners (ISSP)

Information Systems Security Partners (ISSP)

ISSP is a specialized system integrator focused on the information security needs of its corporate clients and providing best in class products and services for securing organizational information.

Ritz

Ritz

Ritz is the largest holistic pure-play cyber security solutions provider in Myanmar.

National Cyber Security Center (NCSC) - Hungary

National Cyber Security Center (NCSC) - Hungary

The National Cyber Security Center was established in 2015 by uniting the GovCERT-Hungary, National Electronic Information Security Authority (NEISA) and the Cyber Defence Management Authority (CDMA).

AppTec

AppTec

AppTec is a leading software vendor in the field of Unified Endpoint Management and Mobile Security.

A3Sec

A3Sec

A3Sec provides professional solutions in the areas of Cybersecurity, Device Monitoring, Business Intelligence and Big Data.

Blockchain Reactor

Blockchain Reactor

Blockchain Reactor is a blockchain consultancy and implementation company providing cutting-edge blockchain solutions for start-ups and enterprises.

Belle de Mai Incubator

Belle de Mai Incubator

Belle de Mai Incubator supports and funds innovative startup ideas in digital industries.

CyberSN

CyberSN

CyberSN matches cybersecurity professionals to jobs and removes the pain from job searching and hiring.

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity

Breadcrumb Cybersecurity is a cybersecurity and advisory firm. We specialize in penetration testing, threat hunting, incident response, regulatory compliance, and employee training services.

ICS

ICS

ICS is a leading provider of outsourced IT services, cybersecurity, communications, and distributed workforce solutions throughout the US.

Buchanan Technologies

Buchanan Technologies

Buchanan Technologies is a leading IT consulting and outsourcing services firm. Our methodology transforms everyday technology investments into streamlined, secure and scalable solutions.

CypherEye

CypherEye

CypherEye is a next generation trust platform that advances the current state of Multi-factor Authentication (MFA) to enable highly secure, private and auditable cyber-transactions.