You are here: Home » News-IANS » Defence-Security
Business Standard

North Korean hackers emptying millions from ATMs in Asia, Africa: Symantec

IANS  |  New Delhi 

North Korea-based group Lazarus is estimated to have stolen tens of millions of dollars from ATMs from banks in and Africa, a new report from cyber security firm has revealed.

Symantec's research team has uncovered the key component used in the group's recent wave of financial attacks.

The operation, known as "FASTCash", enabled Lazarus to fraudulently empty ATMs of cash.

To make the fraudulent withdrawals, Lazarus first breaches targeted banks' networks and compromises the switch application servers handling transactions, said in a statement late Thursday.

It was not clear yet if ATMs in were also affected.

"On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the US government's code name for Lazarus) has been conducting "FASTCash" attacks, stealing money from Automated Machines (ATMs) from banks in and since at least 2016," said

Lazarus is a hacking group which has been linked to a string of attacks against everything from banks to government agencies across the world, including the 2014 attack on Pictures.

More recently, Lazarus has also become involved in financially motivated attacks, including an $81 million theft from the and the "WannaCry" ransomware outbreak in May 2017.

According to the alert, one incident in 2017 saw cash withdrawn simultaneously from ATMs in over 30 different countries.

In another major incident in 2018, cash was taken from ATMs in 23 countries.

To date, the Lazarus FASTCash operation is estimated to have stolen tens of millions of dollars.

"Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal and sends fake approval responses, allowing the attackers to steal cash from ATMs," explained the Symantec team.

The recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for the Lazarus group and can now be considered one of its core activities.

"Lazarus continues to pose a serious threat to the financial sector and organisations should take all necessary steps to ensure that their are fully up to date and secured," Symantec added.

Amid growing crypto-jacking episodes, Lazarus has also stolen cryptocurrencies worth more than half a billion dollars.

According to The Next Web that cited findings from the annual report of cybersecurity vendor last month, Lazarus was behind 14 hacking attacks on cryptocurrent exchanges since January 2017 -- stealing $571 million.

--IANS

na/sed

(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Fri, November 09 2018. 18:36 IST
RECOMMENDED FOR YOU
RECOMMENDED FOR YOU