News Karnataka
Saturday, February 04 2023
World

North Korean hackers emptying millions from ATMs in Asia, Africa: Symantec

Photo Credit :

New Delhi: North Korea-based infamous hacking group Lazarus is estimated to have stolen tens of millions of dollars from ATMs from banks in Asia and Africa, a new report from cyber security firm Symantec has revealed.

Symantec’s research team has uncovered the key component used in the group’s recent wave of financial attacks.

The operation, known as “FASTCash”, enabled Lazarus to fraudulently empty ATMs of cash.

To make the fraudulent withdrawals, Lazarus first breaches targeted banks’ networks and compromises the switch application servers handling ATM transactions, Symantec said in a statement late Thursday.

It was not clear yet if ATMs in India were also affected.

“On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the US government’s code name for Lazarus) has been conducting “FASTCash” attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016,” said Symantec.

Lazarus is a hacking group which has been linked to a string of attacks against everything from banks to government agencies across the world, including the 2014 attack on Sony Pictures.

More recently, Lazarus has also become involved in financially motivated attacks, including an $81 million theft from the Bangladesh Central Bank and the “WannaCry” ransomware outbreak in May 2017.

According to the US government alert, one incident in 2017 saw cash withdrawn simultaneously from ATMs in over 30 different countries.

In another major incident in 2018, cash was taken from ATMs in 23 countries.

To date, the Lazarus FASTCash operation is estimated to have stolen tens of millions of dollars.

“Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs,” explained the Symantec team.

The recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for the Lazarus group and can now be considered one of its core activities.

“Lazarus continues to pose a serious threat to the financial sector and organisations should take all necessary steps to ensure that their payment systems are fully up to date and secured,” Symantec added.

Amid growing crypto-jacking episodes, Lazarus has also stolen cryptocurrencies worth more than half a billion dollars.

According to The Next Web that cited findings from the annual report of cybersecurity vendor Group-IB last month, Lazarus was behind 14 hacking attacks on cryptocurrent exchanges since January 2017 — stealing $571 million.

Share this:
MANY DROPS MAKE AN OCEAN
Support NewsKarnataka's quality independent journalism with a small contribution.

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Leave a Reply

Your email address will not be published. Required fields are marked *

Rohan City Corp
Rohan City Corp

Find the best odds at 10Cric and IPL Betting 2023! Signup today and get up to a 100% deposit bonus.

To get the latest news on WhatsApp