The group known as “Lazarus” is a North Korean hacking group suspected of masterminding recent attacks targeting organizations in 31 countries, as well as high-profile attacks on Bangladesh Bank, Sony Corporation and South Korea, a Symantec official said yesterday.
In a blog post, Symantec researchers revealed four strong pieces of digital evidence suggesting that the Lazarus group was behind the campaign, which used “loader” software to install malicious programs.
Symantec researcher Eric Chien said, “We are very much certain that Lazarus group was responsible for these attacks.”
However, the North Korean government has denied the allegations, which have also been raised by officials in Washington and some security firms.
Symantec was unable to identify any targeted organizations specifically, or to say whether any money had been stolen. It did say, however, that this campaign was not reminiscent of previous campaigns and that the attackers used more sophisticated techniques this time.
Dan Guido, CEO of a consulting firm that provides services to banks and the US government, voiced his concerns, saying, “This event has potential and significant threats.”
Lazarus has a history of these kinds of attacks; the group has already been blamed for attacks in 2009, 2014 and 2016. It allegedly stole $81 million from Bangladesh’s central bank last year. In 2014 it attacked Sony, disrupting the company's network for weeks. The group has also reportedly attacked several organizations in South Korea.
Guido, who reviewed Symantec’s findings, said that it was troubling to see a hacking group focus on attacking banks using increasingly sophisticated techniques.
Symantec analyzed the hacking campaign when news broke that Polish banks had been infected with malware. At that time, Symantec said there was “weak evidence” to blame Lazarus.
According to Reuters, Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit, which is known as a “watering hole” attack.
The malware was programmed to only infect visitors whose IP address showed they were from 104 specific organizations in 31 countries, according to Symantec. The largest number were in Poland, followed by the United States, Mexico, Brazil and Chile.