8/29/2023

Lazarus group bank of bangladesh

In February 2017 an article in the Polish media broke the silence on a long-running story about attacks on banks, allegedly related to the notoriously known Lazarus Group. While the original article didn't mention Lazarus Group, it was quickly picked up by security researchers.

Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.

Since the Bangladesh incident there have been just a few articles explaining the connection between Lazarus Group and the Bangladesh bank heist. One such publication was made available by BAE Systems in May 2016, however it only included analysis of the wiper code. This was followed by another blog post by Anomali Labs, confirming the same wiping code similarity. This similarity was found to be satisfying to many readers; however, at Kaspersky Lab we were looking for a stronger connection.

Other claims that Lazarus was the group behind attacks on the Polish financial sector came from Symantec in 2017, which noticed string reuse in malware at one of their Polish customers. Symantec also confirmed seeing the Lazarus wiper tool in Poland at one of their customers. However, from this it's only clear that Lazarus might have attacked Polish banks.

While all these facts are fascinating, the connection between Lazarus attacks on banks, and their role in attacks on banks' systems, was still loose. The only case where specific malware targeting the bank's infrastructure used to connect to the SWIFT messaging server was discovered is the Bangladesh Central Bank case. However, while almost everybody in the security industry has heard about the attack, few technical details have been revealed to the public based on the investigation that took place on site at the attacked company. Considering that the after-hack publications by the media mentioned that the investigation stumbled upon three different attackers, it was not obvious whether Lazarus was the one responsible for the fraudulent SWIFT transactions, or if Lazarus had in fact developed its own malware to attack banks' systems.

We would like to add some strong facts that link some attacks on banks to Lazarus, and share some of our own findings as well as shed some light on the recent TTPs used by the attacker, including some yet unpublished details from the attack in Europe in 2017. We have had the privilege of investigating these attacks and helping with incident response at a number of financial institutions in South East Asia and Europe. This is the first time we announce some Lazarus Group operations that have thus far gone unreported to the public.