The largest number were in Poland, followed by the United States, Mexico, Brazil and Chile. The malware was programmed to only infect visitors whose IP address showed they were from 104 specific organisations in 31 countries, according to Symantec. Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit, which is known as a "watering hole" attack. Government authorities declined comment on the incident. Authorities in Poland could not be reached for comment late on Wednesday. Poland's biggest bank lobbying group, ZBP, in February said the sector was targeted in a cyber attack, but did not provide further details. When executed, the compromised application functions normally, but covertly collects victim information and transmits it to the C2 servers. Backdooring prominent open-source programs is one of the means that the Lazarus group has been using to deliver its malware. Reuters has been unable to ascertain what happened in that attack. The payload has new features, including plug-in-based expanding capabilities. At the time, Symantec said it had "weak evidence" to blame Lazarus. The firm analysed the hacking campaign last month when news surfaced that Polish banks had been infected with malware. Symantec, which has one of the world's largest teams of malware researchers, regularly analyses emerging cyber threats to help defend businesses, governments and consumers that use its security products. "This is a dangerous development," he said. Guido, who reviewed Symantec's finding, said that it was troubling to see a hacking group focus on attacking banks using increasingly sophisticated techniques.
Photo Credit: Ken Wolter / Shutterstock.

Lazarus has already been blamed for a string of hacks dating back to at least 2009, including last year's US$81 million (S$114 million) heist from Bangladesh's central bank, the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organisations in South Korea. You can find out more about the similarities that have been discovered over on the Symantec website. These earlier versions of WannaCry used stolen credentials to spread across infected networks, rather than leveraging the leaked EternalBlue exploit that caused WannaCry to spread quickly across the globe starting on May 12. Despite the links to Lazarus, the WannaCry attacks do not bear the hallmarks of a nation-state campaign but are more typical of a cybercrime campaign. Analysis of these early WannaCry attacks by Symantec’s Security Response Team revealed substantial commonalities in the tools, techniques, and infrastructure used by the attackers and those seen in previous Lazarus attacks, making it highly likely that Lazarus was behind the spread of WannaCry. This earlier version was almost identical to the version used in May 2017, with the only difference being the method of propagation. Prior to the global outbreak on May 12, an earlier version of WannaCry (Ransom.Wannacry) was used in a small number of targeted attacks in February, March, and April. The attackers stole approximately 1.3 billion from a range of financial institutions and cryptocurrency exchanges. The team points to smaller-scale attacks earlier in the year which show clear links to Lazarus, as well as the reuse of code in the May attack which took the world by surprise. government has charged three men in relation to a string of financially motivated cyber attacks linked to the North Korean Lazarus (aka Appleworm) group.
Researchers at Symantec found multiple instances of code reuse from earlier versions of WannaCry and Lazarus' previous attacks. But while the links to Lazarus are strong, North Korea denies that it was involved in any sort of state-sponsored attack, dismissing such claims as "a dirty and despicable smear campaign." It is thought that the group - also responsible for attacking Sony Pictures and stealing $81 million from the Bangladesh Central Bank - operated independently for personal gain.