An aggressive campaign of malware attacks against dozens of banks across the globe has been linked to the notorious cybercriminal group known as Lazarus.
The hacking gang, active since 2009, has been involved in a number of aggressive cyberattacks against financial institutions, including the theft of $81m from the Bangladesh Bank’s account at the US Federal Reserve.
Now the group continues to be a thorn in the side of organisations across the globe as banks in 31 countries have been targeted in a new wave of attacks by Lazarus that began in October last year.
This latest wave of attacks came to light when a Polish bank discovered previously unknown malware on its network and shared indicators of compromise with other institutions, a number of which also found they’d fallen victim to the malware.
The source of the attack is suspected to have been the website of the Polish financial regulator, which was compromised by hackers who used a watering hole attack to redirect visitors to an exploit kit. The exploit kit was configured to deliver malware only to visitors arriving from around 150 specific IP addresses, so that only the intended targets were infected.
While these are mostly banks, a small number of telecommunications and internet firms have also been targeted by this malware scheme, which takes aim at 104 organisations in 31 countries. Banks in Poland and the United States are most targeted by Lazarus in this attack, which also hit a number of banks in Central and South America.