A hacking group believed to be linked to North Korea is conducting hacks motivated by money, according to a new report.
Cybersecurity firm Symantec released a report on Thursday accusing the Lazarus Group of being a danger to financial institutions after it allegedly carried out “FASTCash” attacks, which included the hacking of ATMs in dozens of countries in the past few years. The hacks reportedly netted tens of millions of dollars.
“The recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for the Lazarus Group and can now be considered one of its core activities,” Symantec said in the report.
The Lazarus Group, according to the firm, is a “very active group involved in both cybercrime and espionage.” The report connects the hacking group to the 2014 hack of Sony Pictures and the 2017 WannaCry ransomware outbreak.
“Lazarus possesses an in-depth knowledge of banking systems and transaction processing protocols and has the expertise to leverage that knowledge in order to steal large sums from vulnerable banks,” the report said.
“One incident in 2017 saw cash withdrawn simultaneously from ATMs in over 30 different countries. In another major incident in 2018, cash was taken from ATMs in 23 separate countries,” the report said.
Once Lazarus’s Trojan.Fastcash malware is deployed, it “intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs,” Symantec said.
In early October, the United States Computer Emergency Readiness Team (CERT) warned of the FASTCash campaign. “Analytic efforts between the Department of Homeland Security, the Department of Treasury and the Federal Bureau of Investigation” contributed to CERT’s report, which blamed a group called “Hidden Cobra” for the attacks. Hidden Cobra is another name for the Lazarus Group.