A North Korean hacking group known as Lazarus is believed to be behind a recent cyberattack campaign targeting organisations in 31 countries, security firm Symantec has said.
Researchers have uncovered four pieces of digital evidence, according to a Symantec blog, suggesting the Lazarus group was behind the campaign that sought to infect victims’ systems with “loader” software which is then used to stage attacks by installing other malicious programmes.
“We are reasonably certain” Lazarus was responsible, Symantec researcher Eric Chien said in an interview.
The North Korean government has denied the allegations, made by officials in Washington and Seoul as well as by security firms, that it was involved in the hacks.
US Federal Bureau of Investigation representatives could not immediately be reached for comment.
Symantec did not identify any of the targeted organisations and said it did not know if any money had been stolen. Nonetheless, the online security firm said the finding was significant because the group used a more sophisticated targeting approach than in previous campaigns.
“This represents a significant escalation of the threat,” said Dan Guido, chief executive of Trail of Bits, a consultant that deals with banks and the US government.
Lazarus has already been blamed for a string of hacks dating back to at least 2009, including last year's $81 million heist from Bangladesh's central bank, the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organisations in South Korea.
Mr Guido, who reviewed Symantec’s finding, said that it was troubling to see a hacking group focus on attacking banks using increasingly sophisticated techniques.
“This is a dangerous development,” he said.
Malware researchers
Symantec, which has one of the world’s largest teams of malware researchers, regularly analyses emerging cyber threats to help defend businesses, governments and consumers that use its security products.
The firm analysed the hacking campaign last month when news surfaced that Polish banks had been infected with malware. At the time, Symantec said it had “weak evidence” to blame Lazarus.
Reuters has been unable to ascertain what happened in that attack. Poland’s biggest bank lobbying group, ZBP, said in February that the sector was targeted in a cyberattack, but did not provide further details. Government authorities declined to comment on the incident.
Authorities in Poland could not be reached for comment late on Wednesday.
Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit, which is known as a “watering hole” attack.
The malware was programmed to only infect visitors whose IP address showed they were from 104 specific organisations in 31 countries, according to Symantec. The largest number were in Poland, followed by the United States, Mexico, Brazil and Chile.
– (Reuters)