Last updated: Fri, 20 Jul 2018 1pm

Cybercriminals Who Attacked South Korea's Military Also Responsible For Recent ATM Attacks

Russian cybersecurity company Kaspersky Lab said the recent ATM thefts in South Korea and cyberattack on the country’s military may be related to a notorious cybercriminal hacking group.

In August 2016, 3,000 hosts in the military were affected after a cyberattack crippled the South Korean Ministry of National Defence.

Six months later, more than 60 ATMs in the nation, all operated by a single vendor, were compromised with malware. The attack resulted in the theft of information from 2,500 financial cards as well as the illegal withdrawal of 2,500 USD from the stolen accounts.

The company found similarities between the attacks and discovered that the DarkSeoul malicious operations, which are attributed to the Lazarus hacking group, were behind the attack, Kaspersky Lab revealed in a media statement today.

It was discovered that both attacks use the same decryption routines, overlap in command and control infrastructure, and share similarities in code.

“While neither the military nor the ATM attacks were huge and damaging, they are evidence of a worrying trend. South Korea has been the target of cyberespionage attacks since at least 2013, but this is the first time that its ATMs have been targeted purely for financial gain.

“If the connections we found are accurate, this is yet another example of the Lazarus group turning its attention and considerable malicious arsenal to profiteering. Banks and other financial institutions need to fortify their defenses before it’s too late,” said Seongsu Park, Senior Security Researcher at Kaspersky Lab’s Global Research and Analysis Team (GReAT).

Lazarus is an active cybercriminal group, suspected to be the culprits behind devastating cyberattacks globally, including the Sony Pictures hack in 2014, last year’s Bangladesh Bank heist that cost the victim $81 million, and more recently the WannaCry worm cyberattack.

Kaspersky has advised the public to take preventive measures to avoid unwanted complications, such as developing a fraud prevention strategy, conducting annual security audits, and training employees to be more aware of potential cyber threats.

-- mD