Posted on November 10, 2018 at 5:10 PM
An infamous hacking group from North Korea that calls itself the Lazarus Group, is making headlines again, this time due to attacks on ATMs. According to researchers, hackers from Lazarus have been targeting ATMs around the world for at least 2 years, possibly longer.
Newly discovered malware hits Asian and African ATMs
So far, they are believed to have hit ATMs from 23 countries, which was confirmed by cybersecurity company Symantec. Most of the countries that the group has been targeting are located in Asia and Africa, and the campaign to empty these countries’ ATMs was titled FASTCash. Researchers explained that the attack works due to hackers’ ability to breach banks’ networks and infect them with malware that affects apps that control transactions.
The malware itself is identified as “Trojan.Fastcash”, which appears to be a new threat, used only by Lazarus. It works by intercepting fake withdrawal requests and approves them without the system noticing that something is wrong. As a result, criminals can easily steal cash from ATMs without alerting the system. The good news is that it only hits those servers that are running old, outdated software. Dealing with the software will likely be enough to prevent an attack, which is something that banks should have in mind.
As mentioned, the attacks have mostly been performed in Asian and African countries, buy Symantec’s Dick O’Brien claims that it is entirely possible for Lazarus to start targeting other countries around the world. While the group has seemingly been after money during its entire existence, they have diversified their attacks quite a lot in recent years.
For example, their most notorious operations included attacking banks, such as the Bangladesh Bank, from which they stole around $81 million in 2016. Now, they are targeting ATMs, perhaps as a result of banks tightening their security after 2016 attack. This is further confirmed by the fact that Lazarus has been focusing on ATMs for the past two years, during which they hit somewhere between 23 and 30 countries.
This has caused many to believe that hitting ATMs with FASTCash attacks is not just a passing interest for the group. Instead, it may be considered their main goal, or core activity. Whatever the case may be, the fact is that Lazarus has a deep understanding of how banks and banking systems work. Not only that, but they also proved not to be shy when it comes to exploiting these systems for obtaining quite large sums.
Financially motivated crimes were joined by disruptive operations such as an attack on the Winter Olympics, and the infamous Sony Pictures hack. Finally, there is their most well-known attack to date, WannaCry ransomware. This was an attack in early 2017 which has crippled services around the world during a single weekend and has left enough damage for researchers and IT experts to stay busy for months following the attack.
The attack was estimated to have caused around £92 million to the Department of Health and Social Care alone, most of which was spent on recovering data and restoring damaged systems.