SWIFT Hackers Linked to ‘North Korean’ Lazarus Group

The recent SWIFT attacks on banks across the globe have links to the infamous Lazarus Group pegged for the Sony Pictures Entertainment hack, according to Symantec.

The security giant explained in a blog post that it identified three pieces of malware used in a newly discovered set of attacks on South-east Asian banks: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

On closer inspection it discovered code sharing between early variants of Backdoor.Contopee and Trojan.Banswift – which was used in the $81 million heist at the Bangladesh Bank.

“Symantec believes distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group,” it explained.

This means that at least one more bank, in the Philippines, is likely to have been attacked by the Swift hackers that have already been pegged for raids on the Bangladesh Bank, Vietnam’s Tien Phong bank and Ecuador’s Banco del Austro.

However, Backdoor.Contopee also provides a link to the Lazarus gang, which has been observed using the same malware. This raises the prospect that the hackers who attacked Bangladesh Bank and others are North Korean state-sponsored operatives.

Lazarus is linked to a string of attacks since 2009 aimed at US and South Korean organizations. “The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack,” explained Symantec.

“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.”

Global bank transfer messaging organization Swift responded this week by launching a five-point plan for its members designed to fortify their defenses against future attacks.

One of its main tenets is better information sharing within the industry, which Swift says it will help co-ordinate.

Given the level of sophistication in the attacks against Bangladesh Bank and others, it has been suggested in the past that those who carried them out could be insiders.

Infosecurity

« Open Source Intelligence Can Predict Terrorist Attacks
Real-life RoboCop Will Replace Human Cops By 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

NRI Secure Technologies

NRI Secure Technologies

NRI SecureTechnologies is a Cybersecurity group company of the Nomura Research Institute (NRI) and a global provider of next-generation Managed Security Services and Security Consulting.

Cimcor

Cimcor

Cimcor’s flagship software product, CimTrak, helps organizations to monitor and protect a wide range of physical, network and virtual IT assets in real-time.

GOVCERT.lu

GOVCERT.lu

GOVCERT.lu is responsible for the treatment of all computer related incidents jeopardising the information systems of the government and defined critical infrastructure operators in Luxembourg.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

Digital Law

Digital Law

Digital Law is the only UK law firm to specialise solely in online, data and cyber law.

Vivitec

Vivitec

Vivitec security services are tailored for your business, industry, risk, technology, and size to ensure great protection and planned response for the inevitable cyber-attacks on your business.

Ackcent Cybersecurity

Ackcent Cybersecurity

Ackcent's mission is to help our clients to protect their critical digital assets by providing them with a portfolio of specialised professional services.

InfoLock

InfoLock

Infolock are experts in data governance, providing consulting and advisory services that help organizations effectively secure, manage, and optimize their data.

Palantir

Palantir

Palantir software empowers entire organizations to answer complex questions quickly by bringing the right data to the people who need it.

Corsica Technologies

Corsica Technologies

Corsica Technologies is recognized as one of the top managed IT and cybersecurity service providers. Our integrated IT and cybersecurity services protect companies and enable them to succeed.

Kiberna

Kiberna

Kiberna are a small but niche company specialising in data driven security to manage your cyber risks.

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL)

Pakistan Telecommunication Company Limited (PTCL) is the largest integrated Information Communication Technology (ICT) company of Pakistan.

Intertec Systems

Intertec Systems

Intertec Systems is an award-winning, global IT solutions and services provider that specializes in digital transformation, cybersecurity, sustainability, and cloud services.

Redefine

Redefine

Redefine are Crypto-Native, Cyber Experts, and Blockchain Believers. We are here to make Web3 anti-fragile, safe and accessible to all.

Amiosec

Amiosec

Amiosec is a British cyber innovation business specialising in delivering simple-to-use solutions to the complex problems of the modern world.