Friday, April 26, 2019
News

North Korean hackers emptying millions from ATMs in Asia, Africa: Symantec

   SocialTwist Tell-a-Friend    Print this Page   COMMENT

New Delhi | Friday, 2018 7:15:04 PM IST
North Korea-based infamous hacking group Lazarus is estimated to have stolen tens of millions of dollars from ATMs from banks in Asia and Africa, a new report from cyber security firm Symantec has revealed.

Symantec's research team has uncovered the key component used in the group's recent wave of financial attacks.

The operation, known as "FASTCash", enabled Lazarus to fraudulently empty ATMs of cash.

To make the fraudulent withdrawals, Lazarus first breaches targeted banks' networks and compromises the switch application servers handling ATM transactions, Symantec said in a statement late Thursday.

It was not clear yet if ATMs in India were also affected.

"On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the US government's code name for Lazarus) has been conducting "FASTCash" attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016," said Symantec.

Lazarus is a hacking group which has been linked to a string of attacks against everything from banks to government agencies across the world, including the 2014 attack on Sony Pictures.

More recently, Lazarus has also become involved in financially motivated attacks, including an $81 million theft from the Bangladesh Central Bank and the "WannaCry" ransomware outbreak in May 2017.

According to the US government alert, one incident in 2017 saw cash withdrawn simultaneously from ATMs in over 30 different countries.

In another major incident in 2018, cash was taken from ATMs in 23 countries.

To date, the Lazarus FASTCash operation is estimated to have stolen tens of millions of dollars.

"Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs," explained the Symantec team.

The recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for the Lazarus group and can now be considered one of its core activities.

"Lazarus continues to pose a serious threat to the financial sector and organisations should take all necessary steps to ensure that their payment systems are fully up to date and secured," Symantec added.

Amid growing crypto-jacking episodes, Lazarus has also stolen cryptocurrencies worth more than half a billion dollars.

According to The Next Web that cited findings from the annual report of cybersecurity vendor Group-IB last month, Lazarus was behind 14 hacking attacks on cryptocurrent exchanges since January 2017 -- stealing $571 million.

--IANS na/sed

( 443 Words)

2018-11-09-18:36:05 (IANS)

 
  LATEST COMMENTS (0)
POST YOUR COMMENT
Comments Not Available
 
POST YOUR COMMENT
 
 
TRENDING TOPICS
 
 
CITY NEWS
MORE CITIES
 
 
 
MORE BUSINESS NEWS
AglaSem Talent Search Exam 2019 to give ...
Tata Steel net profit down by 84 per cen...
Divyang students from Pallavanjali enjoy...
US dollar edges up amid economic data...
Maruti Suzuki's Q4 net profit down 4.6% ...
Axis Bank's Q4 net profit rises to Rs 1,...
More...
 
INDIA WORLD ASIA
AAP manifesto harps on full statehood fo...
Punjabi singer Daler Mehndi joins BJP...
Rajasthan government performance below a...
Star campaigners descend on Odisha for A...
Bengal BJP chief discounts Amartya Sen's...
1 killed in Signature Bridge car acciden...
More...    
 
 Top Stories
70 IS suspects held after bombings:... 
Ian Gould to quit umpiring after Wo... 
Twinkle reveals only 'party' she'd ... 
Fresh challenge awaits IPL teams mi... 
Springsteen's 'Western Stars' avail... 
Asha Bhosle directs one scene of Go... 
Elizabeth Winstead to star in assas... 
Human intrusion degrading air quali...