Lazarus hackers: Newly discovered evidence indicates that the hackers accused of the attacks that led to the hack of Sony Pictures and the robbery of the Central Bank of Bangladesh have launched a new wave of attacks.
Lazarus hackers are reportedly targeting banks and other organizations in 31 countries today, according to a Symantec warning.
The new attacks seem to have been discovered after an attempted hack of Polish banks that left them infected with malware. The malware had been sent through Poland's hacked economic regulator, as a warning document against these attacks: “shared indicators of compromise (IOCs)”.
Attackers seem to use hacked sites to redirect visitors to a custom exploit kit, which is pre-configured to infect only visitors from around 150 different IP addresses. These IP addresses belong to 104 different organizations located in 31 different countries. The overwhelming majority of these organizations are banks, with a small number of telecommunications companies and other businesses on the internet.
Lazarus hackers have been linked to a series of attacks in 2009, targeting businesses in the US and South Korea. Some of the tools used in the Bangladesh Central Bank hack have code very similar to malware used in other attacks. One of them was the hack of Sony Pictures, which resulted in the company's films being leaked online before their official release.
According to Symantec, the latest malware used in the attacks on Polish banks shares similar code with the malicious software used by Lazarus hackers in the attacks against Sony.
More details about the attacks on Symantec's blog:
https://www.symantec.com/connect/blogs/attackers-target-dozens-global-banks-new-malware-0