Cybersecurity consultants have discovered evidence suggesting that recent attacks on institutions in Poland are part of an international hacking effort focused on financial institutions in the U.S., Mexico and the United Kingdom, an attack that shares traits with the 2014 assault on Sony Corp.
The hacks started late last year, installing unauthorized code on websites belonging to financial regulators, then using those sites to attack computers belonging to a select list of global financial institutions, according to researchers who have examined the attacks at security vendors Symantec Corp. and BAE Systems PLC.
It is unclear to the researchers exactly how many banks were compromised or whether any suffered financial losses. But the researchers say it appears to be part of a well-organized and broad hacking effort that shares links to other attacks, including the devastating 2014 hack that destroyed systems and exposed email messages at Sony Pictures Entertainment. U.S. officials have said North Korea was responsible for that attack. North Korea has denied that, though it said its supporters might have carried it out.
Researchers at BAE Systems and Symantec say that some of the software and web infrastructure in the global effort was also used in the Sony attack and, more recently, in other attacks on banks in Asia. Security researchers call the North Korea-linked group they believe is behind these attacks "Lazarus." It has been active since 2009, according to Kaspersky Lab ZAO, a Russian cybersecurity firm.
If the recent attacks are indeed by Lazarus, it suggests the group is broadening its banking attacks. The group's bank hacking previously had focused on Asia, said Eric Chien, technical director of Symantec's Security Technology and Response division. "We never saw them do anything, for example, to the U.S., let alone Europe," he said. "Now we see them targeting the U.S. and Europe."
In November the Federal Bureau of Investigation warned U.S. financial institutions that it was "monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector."
The FBI didn't respond to requests for comment about the latest attacks.
The attacks began in October by compromising the website of the Polish Financial Supervision Authority, an incident that was reported last week by the Badcyber.com blog. The hackers programmed that site to attack banking computers that visited the website, the researchers say.
Security investigators call this technique a "watering hole." It lets criminals use one popular access point to break into a range of other organizations. In this case, by infecting a website commonly visited by banking employees, the hackers might hope to spread malicious software onto computers inside the financial institutions on their list, said Adrian Nish, head of BAE Systems' Threat Intelligence team.
A Polish Financial Supervision Authority spokesman confirmed that the regulator had "identified an external attempt to interfere in the operating IT system," and had turned over evidence of the incident to law enforcement after restoring the website. The Polish National Police agency didn't immediately respond to a request for comment Friday.
The hackers programmed the hacked web servers to attack computers only if they originated from a short list of roughly 75 institutions, an apparent effort to keep a lower profile and help avoid detection, the researchers say.
This list includes 19 financial institutions in Poland, 15 in the U.S., 9 in Mexico, and 7 in the U.K., said BAE Systems, which declined to name the institutions. The attacks also compromised a site belonging to Mexico's financial regulator, the National Banking and Securities Commission, and a state-run bank in Uruguay, Dr. Nish said. A spokeswoman for the National Banking and Securities Commission said that it has seen no evidence that its computers had been compromised. "During the prior weekend, we received notice of a coordinated attack addressed to banking institutions world-wide," she said. "Our Security Operations Center carried out a thorough inspection, from which no unusual behavior was detected." The commission's investigation is continuing, she said.
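Because the compromised regulator site only served its payload to visitors from the short list of institutions, a bank on that list would see the infection chain in its own web proxy logs: an employee loads a page on the regulator site and, moments later, the same workstation pulls a script or executable from an unrelated third-party host. The following triage script is an added example written for this article, not code from the researchers or the article; the log format, the placeholder host name regulator.example, the allowlist and the sample log lines are all constructed assumptions.

```python
"""Flag workstations that fetched third-party active content shortly after
visiting a suspected watering-hole site (assumed log format, constructed data)."""
from datetime import datetime, timedelta
from urllib.parse import urlparse

REGULATOR_HOST = "regulator.example"               # placeholder for the compromised site
KNOWN_GOOD = {"regulator.example", "cdn.example"}  # constructed allowlist of expected hosts
WINDOW = timedelta(minutes=10)                     # how soon after the visit a pivot counts
SUSPECT_EXT = (".js", ".swf", ".jar", ".exe", ".dll")

# Constructed proxy log: "timestamp client_ip method url status"
SAMPLE_LOG = """\
2017-02-03T09:00:01 10.1.1.5 GET http://regulator.example/news 200
2017-02-03T09:00:02 10.1.1.5 GET http://cdn.example/lib.js 200
2017-02-03T09:00:03 10.1.1.5 GET http://203.0.113.7/view.js 200
2017-02-03T09:00:10 10.1.1.9 GET http://regulator.example/news 200
2017-02-03T09:00:12 10.1.1.9 GET http://cdn.example/lib.js 200
2017-02-03T11:30:00 10.1.1.5 GET http://203.0.113.7/view.js 200
"""

def parse(line):
    """Split one log line into (timestamp, client_ip, parsed_url)."""
    ts, ip, _method, url, _status = line.split()
    return datetime.fromisoformat(ts), ip, urlparse(url)

def find_pivots(log_text):
    """Return (client_ip, url) pairs where a host fetched active content from a
    non-allowlisted domain within WINDOW of loading a page on REGULATOR_HOST."""
    last_visit = {}   # client_ip -> time of its most recent regulator page load
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, u = parse(line)
        if u.hostname == REGULATOR_HOST:
            last_visit[ip] = ts
            continue
        seen = last_visit.get(ip)
        if seen is None or ts - seen > WINDOW:
            continue   # no recent regulator visit from this host, not a pivot
        if u.hostname not in KNOWN_GOOD and u.path.lower().endswith(SUSPECT_EXT):
            hits.append((ip, u.geturl()))
    return hits

if __name__ == "__main__":
    for ip, url in find_pivots(SAMPLE_LOG):
        print(f"{ip} pulled {url} shortly after visiting {REGULATOR_HOST}")
```

The 11:30 fetch by 10.1.1.5 is deliberately outside the window, so it is not reported; a real deployment would also compare the flagged hosts against the institution's own egress IP ranges, since the campaign keyed its payload delivery on the visitor's source address.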
The attacks, with their use of the "watering hole" technique, appear to be more sophisticated than previous Lazarus attacks, Dr. Nish and Mr. Chien said. In the shadowy world of cybersecurity, code can be stolen and reused, which makes the business of linking attacks to specific actors time consuming and often inexact. Dr. Nish, at BAE, said he has "high confidence" that the group involved is Lazarus. "We know the tools that they're using very well and we know the infrastructure they're using and their tactics," Dr. Nish said. "And we can strongly confirm that the tools which have been found on the bank networks and in these [website] attacks are part of the group's tool kit."
Mr. Chien said that Symantec hadn't yet completed the analysis required to definitively make the connection, but that the tools used in these latest attacks are linked to Lazarus tools used in the past.