Lazarus accused of cyber-attacks against financial institutions

The group that tried to steal a million dollars from the Vietnamese Tien Phong Bank, stole $81 million from the Bangladeshi central bank, and stole $12 million from a bank in Ecuador also attacked a bank in the Philippines, the media reported on Friday.

However, it remains unclear whether the group actually managed to steal any money from this bank.

What the media do know, though, is that all these attacks seem to point to the same hacking group, known as Lazarus. That is the conclusion security experts came to after analysing the source code of the malware used in the attack and realising it has many similarities to other malware proven to have been used by Lazarus in the past.

It also seems that this attack took place before the one spotted in Vietnam.

Three different pieces of malware were used in this attack, security experts from Symantec have said: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee. All three pointed to the same group, the researchers said:

“Symantec believes distinctive code shared between families and the fact that Backdoor.Contopee was being used in limited targeted attacks against financial institutions in the region, means these tools can be attributed to the same group.”

The attacks were spotted by payments network SWIFT, after the attack against the Bangladeshi bank triggered an alarm.

Symantec says all this points to a wider attack campaign against financial targets in the region. Even though awareness has been raised, the initial success might motivate other hacking groups to try something similar.
