After Bangladesh, ‘Lazarus’ Has Turned to Hacking African Banks

Financial institutions in Nigeria, Kenya, Gabon and Ethiopia are among those in 18 countries that have been consistently hacked since 2015 by Lazarus – a notorious hacking group allegedly responsible for the theft of 81 million dollars from the Central Bank of Bangladesh in 2016, according to cyber security firm Kaspersky.

The firm alleged that the group consistently attacked casinos, software developers for investment companies, and crypto-currency businesses in four African countries until March 2017, reflecting a growing sophistication among digital criminals, who for years have been breaching personal bank accounts and stealing credit card credentials.

The firm’s 58-page report on Lazarus shows that the hackers made a direct connection from an IP address in North Korea to a server in Europe that was used to control systems infected by the group around the world.

“Even though attackers were careful enough to wipe their traces, at least one server they breached for another campaign contained a serious mistake with an important artefact being left behind. In preparation for the operation, the server was configured as the command & control center for the malware. The first connections made on the day of configuration were coming from a few VPN/proxy servers, indicating a testing period for the C&C server.”

The firm said there is a ‘direct connection’ between North Korea and Lazarus, a hacking group whose activities, dating back to 2009, have been documented by the world’s biggest cyber security firms.

The cyber security firm also warns that the Lazarus group heavily invests in new variants of their malware.

“For months they were trying to create a malicious toolset which would be invisible to security solutions, but every time they did this, Kaspersky Lab’s specialists managed to identify unique features in how they create their code, allowing Kaspersky Lab to keep tracking the new samples. Now, the attackers have gone relatively quiet, which probably means that they have paused to rework their arsenal.”

“We urge all organisations to carefully scan their networks for the presence of Lazarus malware samples and, if detected, to disinfect their systems and report the intrusion to law enforcement and incident response teams,” added Vitaly Kamluk, Head of the Global Research and Analysis Team APAC at Kaspersky Lab.