SWIFT Hackers Linked to ‘North Korean’ Lazarus Group

The recent SWIFT attacks on banks across the globe have links to the infamous Lazarus Group pegged for the Sony Pictures Entertainment hack, according to Symantec.

The security giant explained in a blog post that it identified three pieces of malware used in a newly discovered set of attacks on South-east Asian banks: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee.

On closer inspection it discovered code sharing between early variants of Backdoor.Contopee and Trojan.Banswift – which was used in the $81 million heist at the Bangladesh Bank.

“Symantec believes distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group,” it explained.

This means that at least one more bank, in the Philippines, is likely to have been attacked by the Swift hackers that have already been pegged for raids on the Bangladesh Bank, Vietnam’s Tien Phong bank and Ecuador’s Banco del Austro.

However, Backdoor.Contopee also provides a link to the Lazarus gang, which has been observed using the same malware. This raises the prospect that the hackers who attacked Bangladesh Bank and others are North Korean state-sponsored operatives.

Lazarus is linked to a string of attacks since 2009 aimed at US and South Korean organizations. “The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack,” explained Symantec.

“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region.”

Global bank transfer messaging organization Swift responded this week by launching a five-point plan for its members designed to fortify their defenses against future attacks.

One of its main tenets is better information sharing within the industry, which Swift says it will help co-ordinate.

Given the level of sophistication in the attacks against Bangladesh Bank and others, it has been suggested in the past that those who carried them out could be insiders.

Infosecurity

« Open Source Intelligence Can Predict Terrorist Attacks
Real-life RoboCop Will Replace Human Cops By 2020 »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

XenArmor

XenArmor

XenArmor products include NetCertScanner, an enterprise software to scan & manage expired SSL Certificates on your local network or internet.

Cyber Security Centre - University of Hertfordshire

Cyber Security Centre - University of Hertfordshire

The Cyber Security Centre provides training, teaching and research in the fast paced topics of cyber security and digital forensics.

National Association of Software and Services Companies (NASSCOM)

National Association of Software and Services Companies (NASSCOM)

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

MD5

MD5

MD5 is a leading UK provider of Digital Forensic & eDiscovery services to large multi-national corporate businesses, Law Enforcement & Government Agencies, high profile legal firms.

LRQA Nettitude

LRQA Nettitude

LRQA Nettitude is an award-winning global provider of cybersecurity services, bringing innovative thought leadership to the ever-evolving cybersecurity marketplace.

Redshift Consulting

Redshift Consulting

Redshift is an information management and information security consulting company offering a full range of services from infrastructure design to security assessments and network monitoring.

Magix Security

Magix Security

Magix Security assesses the cyber threat, gives you visibility of how vulnerable your business is to attack, and provides cybercrime detection and prevention services.

Attack Research

Attack Research

We go far beyond standard tools and scripted tests. Find out if your network or technology can stand real-world and dedicated attackers.

Alpine Security

Alpine Security

Alpine Security provides penetration testing, security assessments and cybersecurity training services.

Phy-Cy.X Security Group

Phy-Cy.X Security Group

Phy-Cy.X specialize in the “Physics” of Information Security through both physical and cyber domains. We are not an IT company, we ARE an Information Security company.

GuardDog.ai

GuardDog.ai

guardDog.ai has developed a cloud-based software service with a companion device that work together to simplify network security.

Cubro Network Visibility

Cubro Network Visibility

Cubro network visibility solutions remove network monitoring ‘blind spots’ to provide enhanced visibility and control of all data transiting a company’s network.

Certo Software

Certo Software

Certo are trusted experts in mobile security. At Certo, mobile security is not an afterthought, it’s what we do.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Cyber Law Consulting

Cyber Law Consulting

Cyber Law Consulting is a Dynamic full service legal firm which offers complete services for Cyber Law, cyberlaw, Internet Law, Data Protection Act, Cyber Security, IPR, Drafting.

HanaByte

HanaByte

HanaByte is a security consultancy focused on delivering state of the art solutions in the cloud. We specialize in delivering cloud services with an emphasis on security.