TECH

Hackers linked to North Korea steal millions to ATMs around the world

The most recent interest of hackers linked to the North Korean government are financial institutions. Since late 2016, the group of hackers known as Lazarus has carried out an operation called FASTCash, which is aimed at stealing money from ATMs. It is estimated that to date has been the theft of tens of millions of dollars in Africa and Asia.The Computer Emergency Response Team (US-CERT), an organization within the Department of Homeland Security (DHS) charged with analyzing and reducing cyber threats, as well as the Treasury Department and the FBI issued an alert about their activities on 2 October. As a result, Symantec began an investigation into the wave of financial attacks perpetrated by the group, whose findings have been shared. "In order to make the fraudulent withdrawals, Lazarus first infringes target bank networks and compromises the servers that handle transactions in the ATMs, "explained the computer security company in a post posted on his blog, adding:Once these servers are compromised, a previously unknown malware (Trojan.Fastcash) is implemented. This malware, in turn, intercepts Lazarus' fraudulent cash withdrawal requests and sends false approval responses, allowing attackers to steal cash from ATMs.According to Symantec, Hidden Cobra, the code name used by the US government to refer to Lazarus, once withdraw cash simultaneously from ATMs in 30 different countries in 2017 and, at the beginning of this year, made another similar attack in 23 countries at a time. this Thursday.
The company also said that vulnerabilities exploited by hackers have been repaired to perpetrate FASTCash attacks that have affected servers running non-compatible versions of its Advanced Interactive eXecutive (AIX) operating system so far.Earlier this past October, FireEye reported that another Lazarus cell called APT38 has been active since at least 2014 in more than 16 financial organizations in 11 countries, including Mexico, Chile, Brazil, Uruguay and the United States.Through malware, it conducts fake transactions within the Society for Worldwide Interbank and Financial Communications (SWIFT), which has stolen more than $ 100 million from financial institutions around the world .The Lazarus group has been linked to the hacking of Sony Pictures in 2014, the $ 81 million theft of the Bangladesh Central Bank in 2016 and the Wanna Cry malware. Bitcoin has also recently been in the sights of these hackers.


H. T.