N. Korean Hackers Attacking Cash Machines In India

Hackers with ties to the North Korean government have developed a new strain of malware that has been used to record and steal data from cards inserted into ATMs in India. The banking malware, called ATMDTrack, has been active in the country since late last summer, according to experts at Kaspersky.
 
Their analysis of the malware samples found them to be part of a bigger remote access Trojan (RAT) called DTrack, first detected earlier this month.
 
Calling it a spy tool to attack financial institutions and research centers in India, Kaspersky said the malware strains shared “similarities with the DarkSeoul campaign, dating back to 2013 and attributed to the Lazarus group.” The DarkSeoul attacks targeted high-profile facilities in South Korea, including banks and television broadcasters, as well as some financial companies, in 2013. The campaign was eventually attributed to the Lazarus Group, the main crypto-currency hacker syndicate known for its ties to the North Korean government.
 
The group has now been included in US sanctions for its notorious attacks on critical infrastructure and for siphoning money from businesses to fund the country’s weapons and missile programs.
 
Collecting Key Logs and Browser Histories
The threat actors behind DTrack hid their malicious code in an innocuous-looking executable file that was encrypted inside the dropper used to install the malware. Besides disguising itself as a harmless process, the malware can perform a number of operations:
 
• Keylogging
• Retrieving browser history
• Gathering host IP addresses, information about available networks and active connections
• Listing all running processes
• Listing all files on all available disk volumes
 
The collected data was then archived as a password-protected file that’s either saved to the disk or sent to a command and control server. 
 
Classifying ATMDTrack as a subset of the DTrack family, Kaspersky researchers said the developers behind the two malware strains are the “same group of people.” Given the sophistication of the modus operandi, it’s recommended that targeted organizations beef up their network and password policies and monitor network traffic for any suspicious behavior.
 
“The vast amount of DTrack samples that we were able to find shows that the Lazarus group is one of the most active APT groups in terms of malware development,” Kaspersky said.
 
NextWeb: Kaspersky
 