A Hunt for the Infamous Lazarus Group Hackers to Prevent Cyber Crime
Kaspersky uncovered new activity of Lazarus – a hacking group allegedly responsible for the theft of $81 million from the Central Bank of Bangladesh in 2016. The new wave of attacks targets banks, casinos, financial investment software developers and crypto-currency businesses.
Why Lazarus is dangerous and how to stop them
Lazarus targets banks, casinos, financial investment software developers and crypto-currency businesses. Malware attributed to this group has recently been found in 18 countries around the world, including Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq, Ethiopia, Kenya, Nigeria, Uruguay, Gabon, Thailand and several other countries.
How they attack:
- The Lazarus/Bluenoroff group finds a vulnerability in one of the servers in the targeted organization, OR
- They infect a website that employees of the targeted organization often visit.
- They infect the target's IT infrastructure with malware and identify where a server running SWIFT software is installed.
- They download additional malware to interact with the SWIFT software and try to drain the organization’s accounts.
How to stop the Lazarus/Bluenoroff group:
- If your organization has software tools for conducting money transactions, like SWIFT software, invest in additional protection and regular security assessment in addition to the standard protection measures implemented on all other parts of the organization's network.
- Protect backup servers, as they contain information that can be of use to attackers: passwords, logins, and authentication tokens.
- When deploying specialized software for money processing, follow the recommendations and security best practices from your software vendor and security professionals.
- If you suspect an intrusion, request professional assistance with incident response. The Lazarus cases that Kaspersky has investigated show that even if attackers have made it inside the network, it is still not too late to take action to prevent financial and reputational losses.
Related articles
- Previous Lazarus Research
  In 2016 Kaspersky published its findings on previous activities of the Lazarus group, which allegedly attacked Sony Pictures Entertainment Company.
- The Great Bank Robbery: the Carbanak APT
  In 2015 Kaspersky uncovered Carbanak – a sophisticated targeted-attack group which was able to steal up to $1bln and is still active.
- Financial cyberthreats in 2016
  We constantly track the financial cyberthreats landscape. Check our latest report on the newest financial threats to you and your business.