‘Group behind Sony hack may target international banks’

According to research by two security companies, the so-called Lazarus hacker group has been targeting international banks for six months. This group appears to be responsible for the Bangladesh Central Bank hack and the Sony hack.

Both BAE Systems, which investigated the Swift hack in Bangladesh, and Symantec have written about the new series of attacks. Both say that the link to the Lazarus group is not fully established at this time, but there are indications that it is the same group. For example, the malware used shows similarities with previous Lazarus variants and the targets match the group’s previous hacks. According to the companies, the group currently focuses mainly on banks in Poland, Mexico and the US. In total, the targets comprise 104 organizations in 31 different countries.

The attacks came to light when a Polish financial regulator’s website was used to infect visitors. The site BadCyber covered the attacks earlier this month. This was a watering hole attack, in which a commonly used website is used to infect a certain group of users. For bank employees, the site of a financial supervisor is therefore a suitable target. The site redirected users with certain IP addresses to a custom exploit kit. This whitelist of IP addresses enabled the companies to get an impression of the group’s targets.

According to BAE Systems, sites of other regulators were also used, for example those of Mexico. The Lazarus group was also involved in the hack at the central bank of Bangladesh, in which $81 million was stolen via Swift software. The company previously saw a connection between this hack and the one on Sony in 2014. The FBI attributed the Sony hack to North Korea at the time, an attribution that country rejected.
