Global Banks Hit by Watering Hole Blitz

Over 100 organisations worldwide have been hit by a major new coordinated campaign using compromised websites to infect them with malware linked to the infamous Lazarus Group, according to Symantec.

The source of the attack appears to have been the website of the Polish financial regulator, which was compromised and used to redirect visitors to an exploit kit designed to download malware on only 150 specific IP addresses.

Those 104 target organisations are mainly banks, with a spattering of telecoms and some Internet firms located in 31 countries, the security giant claimed.

The campaign has been going since at least October last year, with Symantec blocking 14 attacks against computers in Mexico, 11 against computers in Uruguay, and two against computers in Poland.

Other affected countries apparently include the UK, Colombia, Brazil, Chile, Denmark and Venezuela.

“Analysis of the malware [Downloader.Ratankba] is still underway. Some code strings seen in the malware used shares commonalities with code from malware used by the threat group known as Lazarus,” Symantec explained in a blog post.

“Ratankba was observed contacting eye-watch[.]in for command and control (C&C) communications. Ratankba was then observed downloading a Hacktool. This Hacktool shows distinctive characteristics shared with malware previously associated with Lazarus.”

The Lazarus Group, which is believed to be North Korean in origin, has been pegged for several aggressive attacks on targets in the US and South Korea, most notably a major 2011 DDoS campaign against its near neighbour and the Backdoor.Destover-powered disk-wiping attack on Sony Pictures Entertainment three years later.

It was even linked to the massive $81m heist at the Bangladesh Bank and other attempts to steal money from banks using the global Swift transfer system.

Thus far there’s no evidence that those banks caught in the latest campaign have had any money stolen as a result.

Infosecurity:

 

« UK Under Attack By Russian & Chinese State Sponsored Hackers
Snowden Says Report Proves He’s Not A Spy »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Booz Allen Hamilton

Booz Allen Hamilton

Booz Allen Hamilton is a management & tech consulting firm. Technology services include cloud computing, cyber security, systems development and integration.

PeCERT

PeCERT

PeCERT is the national Computer Emergency Response Team for Peru.

Kenexis

Kenexis

Kenexis is a consulting engineering firm providing services for process hazards analysis, fire and gas mapping, and industrial cybersecurity.

Hypori

Hypori

Hypori is a virtual smartphone solution that makes truly secure BYOD a reality for organizations in healthcare, finance, government, and beyond.

GraVoc

GraVoc

GraVoc is a technology-consulting firm committed to solving business problems for customers through the development, implementation, & support of technology-based solutions.

Science Applications International Corporation (SAIC)

Science Applications International Corporation (SAIC)

SAIC is a premier technology integrator in the technical, engineering, intelligence, and enterprise information technology markets. Services and solutions include Cybersecurity.

Seculert

Seculert

The Seculert Attack Detection & Analytics Platform combines machine-learning based analytics and threat intelligence to automatically detect cyber attacks inside the network.

Altron

Altron

Altron provides locally relevant innovative and integrated ICT solutions to business, government and consumers.

Cyber Craft

Cyber Craft

CyberCraft is an innovative and dynamic software development, outsourcing and consulting company. Services offered include penetration testing.

Ogasec

Ogasec

Ogasec is a cybersecurity company formed by the merger between Aker and N-Stalker in 2017. Solutions include Security & Connectivity Networking, Application Security, and Managed Security Services.

The Cyber AB

The Cyber AB

The Cyber AB is the official accreditation body of the Cybersecurity Maturity Model Certification (CMMC) Ecosystem.

Hexaware Technologies

Hexaware Technologies

Hexaware is an automation-led next-generation service provider delivering excellence in IT, BPO and Consulting services.

Training.com.au

Training.com.au

Training.com.au is a comparison website through which those looking to learn about different aspects of cyber security can compare learning courses from training providers from across Australia.

Comcast Technology Solutions (CTS)

Comcast Technology Solutions (CTS)

Comcast Technology Solutions delivers proven technologies for global video, media, communications, data applications, and cybersecurity & compliance.

Endor Labs

Endor Labs

Endor Labs gives developers and security teams the context they need to prioritize open source risk.

SecurEnvoy

SecurEnvoy

SecurEnvoy are a leader in designing zero access trust solutions using the latest cutting-edge technologies, to protect your users, devices and data, whatever the location.