THE NORTH KOREAN-LINKED hacking group Lazarus is up to its old tricks again, this time forcing cash machines in 23 countries to spit out millions of dollars to money mules (human criminals, rather than the loaded offspring of donkeys and horses).
Security firm Symantec has the full mucky details of how the hack works on its threat intelligence blog, but the crib notes version is this. Hackers first compromised the servers of targeted banks, aiming for the switch application servers that handle ATM transactions. Once compromised, the Trojan.Fastcash malware sprang into life, intercepting cash withdrawal requests and sending fake approval responses, making the machines spit out cash like a pub quiz machine after a lock-in.
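For the bank's own security team, the mechanism above points at a simple control: an approval that a switch sends back to an ATM should always have a matching authorization on the issuing bank's host, so reconciling the two logs exposes approvals the malware forged. The script below is an added example, not code from the article or from Symantec's report; its log formats, terminal ids and every record in it are constructed for illustration, and the ISO 8583 conventions it relies on (field 37 retrieval reference number, response code "00" for approved) are the only real-world assumptions.

```python
# Reconcile switch-side ATM approvals against issuer-host authorizations.
# Added example: the pipe-delimited exports, terminal names and all records
# are constructed for illustration, not taken from any real bank or report.
from dataclasses import dataclass
from typing import Dict, List, Tuple

APPROVED = "00"  # ISO 8583 response code meaning "approved"


@dataclass(frozen=True)
class SwitchApproval:
    rrn: str           # retrieval reference number (ISO 8583 field 37)
    terminal: str      # ATM terminal id that received the response
    amount_cents: int  # withdrawal amount in minor units
    response_code: str


@dataclass(frozen=True)
class IssuerAuth:
    rrn: str
    amount_cents: int
    response_code: str


# Hypothetical switch export, one response per line: rrn|terminal|amount_cents|rc
SWITCH_LOG_TEXT = """
000000000001|ATM-01|20000|00
000000000002|ATM-01|20000|00
000000000003|ATM-02|50000|00
000000000004|ATM-03|10000|51
000000000005|ATM-02|50000|00
000000000006|ATM-03|30000|00
"""

# Hypothetical issuer-host export: rrn|amount_cents|rc
# Note that 0002 and 0005 never reached the issuer, 0003 was declined there,
# and 0006 was authorized for a smaller amount than the switch approved.
ISSUER_LOG_TEXT = """
000000000001|20000|00
000000000003|50000|51
000000000004|10000|51
000000000006|10000|00
"""


def parse_switch_log(text: str) -> List[SwitchApproval]:
    records = []
    for line in text.strip().splitlines():
        rrn, terminal, amount, rc = line.split("|")
        records.append(SwitchApproval(rrn, terminal, int(amount), rc))
    return records


def parse_issuer_log(text: str) -> List[IssuerAuth]:
    records = []
    for line in text.strip().splitlines():
        rrn, amount, rc = line.split("|")
        records.append(IssuerAuth(rrn, int(amount), rc))
    return records


def find_unbacked_approvals(
    switch: List[SwitchApproval], issuer: List[IssuerAuth]
) -> List[Tuple[str, str, str]]:
    """Return (rrn, terminal, reason) for every switch approval the issuer
    did not back: missing, declined, or authorized for a different amount."""
    issuer_by_rrn = {a.rrn: a for a in issuer}
    findings = []
    for resp in switch:
        if resp.response_code != APPROVED:
            continue  # only approvals move cash, so only approvals matter
        auth = issuer_by_rrn.get(resp.rrn)
        if auth is None:
            findings.append((resp.rrn, resp.terminal, "no issuer authorization"))
        elif auth.response_code != APPROVED:
            findings.append((resp.rrn, resp.terminal, f"issuer declined ({auth.response_code})"))
        elif auth.amount_cents != resp.amount_cents:
            findings.append((resp.rrn, resp.terminal, "amount mismatch"))
    return findings


def unbacked_cash_by_terminal(
    findings: List[Tuple[str, str, str]], switch: List[SwitchApproval]
) -> Dict[str, int]:
    """Sum the cash each ATM dispensed on approvals the issuer never backed,
    which is where a cash-out operation shows up first."""
    amount_by_rrn = {r.rrn: r.amount_cents for r in switch}
    totals: Dict[str, int] = {}
    for rrn, terminal, _reason in findings:
        totals[terminal] = totals.get(terminal, 0) + amount_by_rrn[rrn]
    return totals


if __name__ == "__main__":
    switch_records = parse_switch_log(SWITCH_LOG_TEXT)
    issuer_records = parse_issuer_log(ISSUER_LOG_TEXT)
    found = find_unbacked_approvals(switch_records, issuer_records)
    for rrn, terminal, reason in found:
        print(f"{rrn} {terminal}: {reason}")
    print(unbacked_cash_by_terminal(found, switch_records))
```

Run against the constructed logs it flags four approvals (two the issuer never saw, one the issuer declined, one for the wrong amount) and totals the exposure per ATM. In practice the reconciliation has to be driven from the issuer host's own records rather than anything the switch reports, since the switch is the component the malware has subverted.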
Symantec reports that the scheme has been going on for some time, and while the 2018 attack targeted 23 countries in Africa and Asia, the US government reports a similar attack in 2017 which saw 30 nations’ ATMs breached simultaneously.
The good news – well, goodish – is that all Trojan.Fastcash attacks seem to have hit servers running outdated software.
“Although the infection vector is unknown, all of the compromised switch application servers were running unsupported IBM Advanced Interactive eXecutive (AIX) operating system versions beyond the end of their service pack support dates,” the report reads. Assuming those servers have since been patched or upgraded, that’s a lesson learned the hard and expensive way.
You may be familiar with Lazarus’ handiwork. Back in 2015, the group hit international headlines for the hacking of Sony Pictures, where it leaked forgettable comedy flick The Interview, which featured the assassination of North Korean leader Kim Jong Il. Lately, though, its attacks have been less politically motivated, with money seeming to be the main factor. Most notably, the group was found responsible for the WannaCry ransomware, but it also nabbed $81m from Bangladesh Bank.
Source: Inquirer