Global Banks Hit by Watering Hole Blitz

Over 100 organisations worldwide have been hit by a major new coordinated campaign using compromised websites to infect them with malware linked to the infamous Lazarus Group, according to Symantec.

The initial infection vector appears to have been the website of the Polish financial regulator, which was compromised and used to redirect visitors to an exploit kit configured to deliver malware only to visitors coming from around 150 specific IP addresses.

Those addresses belong to 104 target organisations in 31 countries, mainly banks, with a smattering of telecoms and some internet firms, the security giant claimed.

The campaign has been going since at least October last year, with Symantec blocking 14 attacks against computers in Mexico, 11 against computers in Uruguay, and two against computers in Poland.

Other affected countries apparently include the UK, Colombia, Brazil, Chile, Denmark and Venezuela.

“Analysis of the malware [Downloader.Ratankba] is still underway. Some code strings seen in the malware used share commonalities with code from malware used by the threat group known as Lazarus,” Symantec explained in a blog post.

“Ratankba was observed contacting eye-watch[.]in for command and control (C&C) communications. Ratankba was then observed downloading a Hacktool. This Hacktool shows distinctive characteristics shared with malware previously associated with Lazarus.”
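The quote above gives defenders one concrete indicator to act on: the C&C domain eye-watch[.]in. The following script, which is an added example and not code from the article or from Symantec, shows how an analyst would hunt for that indicator in outbound proxy logs. The log format, the sample log lines and the client IP addresses are constructed for illustration; only the domain comes from the page. The match is done on the host part of each URL, on a label boundary, so that subdomains of the C&C domain are caught while unrelated hosts that merely contain the string (for example noteye-watch.in) are not.

```python
"""Hunt proxy logs for the Ratankba C&C domain named in Symantec's analysis.

Added example, not part of the original article. The proxy log format and
every log line below are constructed; only eye-watch[.]in is from the page.
"""
import re
from typing import Dict, List
from urllib.parse import urlsplit

# Indicator from the article, kept defanged so this file is safe to paste
# into tickets and chat without creating a clickable link.
DEFANGED_C2 = "eye-watch[.]in"

# Constructed log format: <timestamp> <client_ip> <method> <url> <status>
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>\S+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample lines. Two are true C&C contacts (one on the bare
# domain, one on a subdomain); the last two are look-alikes that must NOT match.
SAMPLE_PROXY_LOG = """\
2017-02-03T09:12:01Z 10.20.30.41 GET http://intranet.example.local/index.html 200
2017-02-03T09:12:07Z 10.20.30.41 GET https://regulator.example/ 200
2017-02-03T09:12:09Z 10.20.30.41 GET http://eye-watch.in/cgi-bin/check 200
2017-02-03T09:12:11Z 10.20.30.57 POST https://update.eye-watch.in/upload 200
2017-02-03T09:12:15Z 10.20.30.57 GET http://eye-watch.in.example.com/ 404
2017-02-03T09:12:20Z 10.20.30.61 GET https://notEye-watch.in/ 200
"""


def refang(indicator: str) -> str:
    """Turn a defanged indicator ('eye-watch[.]in', 'hxxp://...') into its real form."""
    return (
        indicator.replace("[.]", ".")
        .replace("(.)", ".")
        .replace("hxxps://", "https://")
        .replace("hxxp://", "http://")
    )


def host_matches(host: str, c2_domain: str) -> bool:
    """True if host is the C2 domain itself or a subdomain of it.

    Comparison is case-insensitive, ignores a trailing dot (FQDN form) and
    only matches on a label boundary, so 'noteye-watch.in' is not a hit.
    """
    host = host.lower().rstrip(".")
    return host == c2_domain or host.endswith("." + c2_domain)


def find_c2_contacts(log_text: str, defanged_indicator: str = DEFANGED_C2) -> List[Dict[str, str]]:
    """Return one record per log line whose URL host is the C2 domain or a subdomain."""
    c2 = refang(defanged_indicator).lower()
    hits: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed lines rather than abort the hunt
        host = urlsplit(m["url"]).hostname or ""
        if host_matches(host, c2):
            hits.append({"timestamp": m["ts"], "client": m["client"],
                         "host": host, "url": m["url"]})
    return hits


def affected_clients(log_text: str, defanged_indicator: str = DEFANGED_C2) -> List[str]:
    """Sorted, de-duplicated list of internal clients that contacted the C2 domain."""
    return sorted({h["client"] for h in find_c2_contacts(log_text, defanged_indicator)})


if __name__ == "__main__":
    for hit in find_c2_contacts(SAMPLE_PROXY_LOG):
        print(f"{hit['timestamp']} {hit['client']} -> {hit['host']} ({hit['url']})")
    print("clients to isolate:", ", ".join(affected_clients(SAMPLE_PROXY_LOG)))
```

Run against real proxy or DNS exports, the hosts returned by `affected_clients` are the machines to pull for forensic imaging; the host-level match (rather than a substring search over the whole line) is what keeps the list free of false positives from unrelated domains.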

The Lazarus Group, which is believed to be North Korean in origin, has been blamed for several aggressive attacks on targets in the US and South Korea, most notably a major 2011 DDoS campaign against South Korea and the Backdoor.Destover-powered disk-wiping attack on Sony Pictures Entertainment three years later.

It has also been linked to the $81m heist at Bangladesh Bank and other attempts to steal money from banks via the global SWIFT transfer system.

Thus far there’s no evidence that those banks caught in the latest campaign have had any money stolen as a result.

Infosecurity: