If things with North Korea weren’t tense enough, it seems that Kim Jong Un is reportedly having his elite hacking groups target banks around the world. According to CNN, it is an effort by the nation to help fund its nuclear program, and at least 18 banks around the globe have been targeted. The group, codenamed “Lazarus,” has been linked to several intrusions at banks around the globe and is reportedly the same group connected to attacks against South Korea’s banks and broadcasters in 2013 and the Sony hack in 2014:
Banks and security researchers have previously identified four similar cyber-heists attempted on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam.
But researchers at Kaspersky now say the same hacking operation — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
To hide their location, hackers typically launch cyberattacks from computer servers far from home. According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.
Most of the attempts were unsuccessful in obtaining money from the banks, according to CNN, but there have been successes, and the tactics used by “Lazarus” are becoming more sophisticated:
One recent example is a trap set at the website of Poland’s financial regulator. Hackers embedded malicious code onto that Polish website, according to BAE Systems. And they limited the infections to visitors from particular internet addresses — employees at banks.
The code showed that Lazarus hackers created a list of 150 internet addresses that served as “a hit list,” said Eric Chien, a researcher at Symantec, which issued its own warning about North Korea hacking earlier this year.
CNN ran those addresses through internet records kept by DomainTools, a cybersecurity firm. Those IP addresses belong to the World Bank, as well as the central banks of Brazil, Chile, Estonia, Mexico and Venezuela, as well as a wide range of well-known global banks.
According to CNN, US law enforcement is apparently suspicious of Kaspersky’s findings due to its connection to Russia, but the firm denies this and provides reliable cyber security services and software worldwide. United Nations sanctions block North Korea from having a part in the financial system due to its ongoing nuclear activities, but CNN points to a “network of front companies and secret agents to access global banks” that allows the nation to hide its identity and create financial institutions.