Malware links suggest that North Korean hackers might be behind recent attacks against several Asian banks, including the theft of $81 million from the Bangladesh central bank earlier this year.
Security researchers from Symantec have found evidence that the malware used in the Bangladesh Bank cyberheist was used in targeted attacks against an unnamed bank in the Philippines. The same malware was also previously linked to an attempted theft of $1 million from Tien Phong Bank in Vietnam.
Symantec confirmed the earlier findings of researchers from BAE Systems, who found code similarities between the Bangladesh Bank malware, which was used to change SWIFT transfers, and a malicious module used in attacks against Sony Pictures Entertainment in December 2014.
The U.S. government attributed the Sony attack to North Korea. FBI Director James Comey said last year he had “very high confidence” in that attribution despite denials from the North Korean government and the doubt of some security researchers.
The hacker group behind the Sony attack is known in the computer security industry as Lazarus and has been active since at least 2009, primarily targeting organizations from the U.S. and South Korea. One of the malware programs in the group’s toolset is called Backdoor.Contopee.
“Symantec has identified 3 pieces of malware that were being used in limited targeted attacks against the financial industry in South-East Asia: Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee,” the Symantec researchers said in a blog post.
Backdoor programs provide unauthorized access to a computer, but their presence doesn’t necessarily reveal the attackers’ end goal. However, the motivation for those targeted attacks became clearer when identical code was found in Trojan.Banswift, which was used in the Bangladesh attack to manipulate SWIFT transactions, and earlier versions of Backdoor.Contopee, the researchers said.
The primary link is a portion of code that wipes files using a unique routine. It is shared by Trojan.Banswift and Backdoor.Contopee.
The file-wiping code has not been found in other malware programs, and Backdoor.Contopee was used by Lazarus in targeted attacks against banks in the region. Those connections led the Symantec researchers to believe Trojan.Banswift was also created by the same group.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” the Symantec researchers say.
The announcement comes after a Bloomberg report that up to a dozen banks from Southeast Asia have hired security firm FireEye to investigate potential security breaches and SWIFT irregularities on their networks.