Lazarus hackers: Unearthed evidence suggests that the hackers accused of the attacks that led to the Sony Pictures hack and the robbery of the Bangladesh Central Bank have launched a new wave of attacks.
Lazarus hackers are reportedly targeting banks and other organizations in 31 countries today, according to a Symantec warning.
The new attacks appear to have been discovered after a hacking attempt at Polish banks left them infected with malware. The malicious software was sent through the hacked financial regulator of Poland as a document warning of these attacks: “shared indicators of compromise (IOCs)”.
The attackers appear to use hacked sites to redirect visitors to a custom exploit kit, which is pre-configured to infect only visitors from around 150 different IP addresses. These IP addresses belong to 104 different organizations located in 31 different countries. The overwhelming majority of these organizations are banks, with a small number of telecommunications companies and other internet businesses.
Lazarus hackers have been linked to a series of attacks in 2009, targeting businesses in the USA and South Korea. Some of the tools used in the Bangladesh Central Bank hack have code very similar to malware used in other attacks. One of them was the hack of Sony Pictures, which resulted in the company's films being leaked online before their official release.
The latest malware used in the attacks on Polish banks shared similar code with the malicious software used by Lazarus hackers in attacks against Sony, according to Symantec.
More details about the attacks on Symantec's blog:
https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0