N. Korean Hackers Attacking Cash Machines In India

Uploaded on 2019-10-01 in GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-Financial, INTELLIGENCE--International, INTELLIGENCE-Hot Spots-North Korea, TECHNOLOGY--Hackers

Hackers with ties to North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATM machines in India. The banking malware called ATMDTrack, has been active in the country since late last summer, according to the experts at  Kaspersky.
 
Their analysis of the malware samples  found them to be part of a bigger remote Trojan (RAT) called DTrack, first detected earlier this month.
 
Calling it a spy tool to attack financial institutions and research centers in India, Kapsersky said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The DarkSeoul attacks targeted high-profile facilities in South Korea, including banks and television broadcasters, as well as some financial companies in 2013.The campaign was eventually said to be by the Lazarus Group the main crypto-currency hacker syndicate known for its ties to the North Korean government.
 
The group now has been included in US sanctions for its notorious attacks on critical infrastructure and siphon money from businesses to fund the country’s weapons and missile programs.
 
Collecting Key Logs and Browser Histories
The threat actors behind DTrack obfuscated their malicious code in an innocuous executable file that was protected behind encryption barriers in a dropper used to install the malware. Aside from disguising itself as a harmless process, the malware can perform a number of operations:  
 
• Keylogging
• Retrieving browser history
• Gathering host IP addresses, information about available networks and active connections
• Listing all running processes
• Listing all files on all available disk volumes
 
The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command and control server. 
 
Classifying ATMDTrack as a subset of the DTrack family, Kaspersky researchers said the developers behind the two malware strains are the “same group of people.” Given the sophistication of the modus operandi, it’s recommended that target organizations beef up their network and password policies and monitor network traffic for any suspicious behavior.
 
“The vast amount of DTrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development,” Kaspersky said.
 
NextWeb:        Kaspersky
 
You Might Also Read: 
 
US Releases Malware Linked To N. Korean Hacking Group:
 
« Iran Denies It Has Suffered Attacks On Its Oil Production
IT Governance - FREE Guide »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

AlgoSec

AlgoSec

The AlgoSec platform enables the world’s most complex organizations to gain visibility, reduce risk and process changes at zero-touch across the hybrid network.

Perkins Coie LLP

Perkins Coie LLP

Perkins Coie LLP is an internationalk law firm with offices across the USA and Asia. Practice areas include Privacy and Data Security.

International Conference on Information Systems Security & Privacy (ICISSP)

International Conference on Information Systems Security & Privacy (ICISSP)

The ICISSP event is a meeting point for researchers and practitioners to address security and privacy challenges concerning information systems.

DataVisor

DataVisor

DataVisor is a big data fraud detection and anti-money laundering solution.

CybSafe

CybSafe

CybSafe is a cloud-based platform focussed on addressing the human component of cyber security - an intelligent approach to awareness training.

ClearDATA

ClearDATA

The ClearDATA Managed Cloud protects sensitive healthcare data using purpose-built DevOps automation, compliance and security safeguards, and healthcare expertise.

Fidus Information Security

Fidus Information Security

Fidus is a team of security professionals providing Penetration Testing and Cyber Security Consulting services throughout the UK and worldwide.

TruNarrative

TruNarrative

TruNarrative provides a unified solution for Identity Verification, Fraud Detection, eKYC, Risk Assessment, AML Compliance and Account Monitoring.

UNIDIR Cyber Policy Portal

UNIDIR Cyber Policy Portal

The UNIDIR Cyber Policy Portal is an online reference tool that maps the cybersecurity and cybersecurity-related policy landscape.

T-REX

T-REX

T-REX is a coworking space, technology incubator, and entrepreneur resource center for technology startups.

WolfSSL

WolfSSL

wolfSSL is an embedded SSL/TLS library providing secure communication for IoT, smart grid, connected home, routers, applications, games, phones, and more.

ProofID

ProofID

ProofID is a specialist provider of Identity Access Management (IAM) solutions. We focus on the solving the complex needs of the modern enterprise.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

RubinBrown

RubinBrown

RubinBrown LLP is a leading accounting and professional consulting firm. The RubinBrown name and reputation are synonymous with experience, integrity and value.

Lightpath

Lightpath

Lightpath is revolutionizing how organizations connect to their digital destinations by combining our next-generation network with our next-generation customer service.

Layer 8 Security

Layer 8 Security

Layer 8 Security is a cybersecurity advisory, consulting, and technical services firm that arms businesses with practical compliance, risk management, and security program strategies.