This is how the powerful cybercriminal group Lazarus operates

Lazarus, one of the most active groups in the digital universe, uses various techniques to take over systems. The group misappropriated several million dollars from banks in Bangladesh, Taiwan and Costa Rica.

The Lazarus group is unstoppable, and its story seems to be taken from a movie. The mysterious hacker organisation, feared by authorities around the world, is an active actor in the cybercriminal universe. The North Korean group, created in 2009, has been involved in hacking operations against financial institutions worldwide. In 2017, Lazarus caused chaos across the world with WannaCry. The ransomware attack affected more than 230,000 computers in no fewer than 150 countries. Their operations began in Asia but have recently reached a global level. In 2016, the first incident in a Latin American country was detected at a bank in Ecuador. There they managed to steal 9 million dollars.

But how does this cybercriminal group manage to execute attacks on such a scale?

Since 2015, the cybersecurity company Kaspersky Lab has researched the modus operandi of the organisation. At an event in Moscow (Russia), Kaspersky Lab revealed some of the group's most widely used strategies. According to Fabio Assolini, a computer security analyst at Kaspersky, these cybercriminals are very intelligent. They study the victim and dedicate weeks to analysing the network, the software and the operations of the bank. They stay for a while and then carry out the theft of millions of dollars.

Kaspersky further explained that the cybercriminal organisation has subgroups. One group is dedicated explicitly to cyber-espionage tasks and attacks on companies, and another focuses on robbing financial institutions. The attackers compromise a site that the people of the bank will access. They infect a computer, which may belong to someone who is not so crucial to the company.

Experts explain that the group uses increasingly advanced and varied tactics. They resort to a technique known as the watering hole. Roberto Martinez of Kaspersky explained that a 'watering hole' attack consists of compromising the entities from which the target companies obtain services. For example, in Poland they infected the Central Bank site, taking into account that all banks had to access it.

Distraction and Attack

Martinez says the attackers also use a method of distraction. They generate an attack so that the incident response group focuses on the latest incident. In the meantime, the real assault takes place, for example by fraudulently making money transfers.

Most of the time, they transfer money through the SWIFT electronic payment system. SWIFT is an international network that connects 11,000 banks around the world and allows money to be sent between them.

Martinez concluded that the goal is to make transfers untraceable and impossible to recover.

“Normally, entities remain silent and do not share anything, because people cannot find out,” says Fabio Assolini.

Experts predict that Lazarus will continue to expand its power around the world with even more sophisticated attacks.

Read Kaspersky Lab's full report on its predictions for financial institutions in 2019.

Jkev