After several months of studying the protocols, transfers, and ways of communication between financial institutions, the hacking group called Lazarus managed to trick the bank’s staff into transferring $80M to them from the Central Bank of Bangladesh’s New York Federal Reserve account. Security experts have stated that the cybercriminals aren’t showing signs of stopping anytime soon.
An unidentified group sent more than three dozen rapid money requests in February last year. The requests were issued from an account that had been accessed with stolen SWIFT credentials.
The group was unknown at the time, and it tried to steal around $851 million. Fortunately, a typographical error was spotted by an unnamed employee and the transfers were stopped, but only after $80 million had already been moved. The heist is considered the largest and most successful cyber-attack ever, and the investigation is ongoing.
The cybersecurity firm conducting the investigation suspects that the attacks were carried out by Lazarus, a group known for attacking manufacturing companies, financial institutions and the media, and for this kind of attack in more than 15 countries since 2009. The Lazarus group is also suspected of having an interest in virtual currency theft that might feed into money laundering.
Cybersecurity experts suspect Lazarus because of the malware that was used: it resembles malware already attributed to the group. The heist is believed to have involved at least several individuals.
Kaspersky also suspects the group called Bluenoroff, although Bluenoroff’s methods do not include concealing its tracks or running false-flag operations. It is still a suspect because it uses the same toolkit as Lazarus. Another finding that suggests it wasn’t Bluenoroff is the set of servers discovered by following the infection chain: those servers were controlled by Lazarus as well.
After the theft, the group went quiet for several months, but it is believed to have used that time to prepare new attacks. Its next targets were located in Europe and Southeast Asia, but both attacks were detected and stopped.
These attacks work by breaching a single system inside a bank and then luring bank employees to websites hosting malicious code. That code springs the trap: the malware activates and pulls additional tools onto the infected system. Once inside, the group can map the network and monitor activity within the bank’s systems for months without being detected.
After locating the resources it needs, Lazarus deploys custom malware that bypasses security controls and issues fraudulent transaction requests on behalf of legitimate clients.
Malware linked to Lazarus has been found in many institutions, across many countries, since December 2015. The most recent discovery occurred just last month. The group is believed to be evolving rather than stopping. The Kaspersky team tracked the group for months, but it has now gone quiet again.
The group is expected to return and attempt another attack sooner or later, and many institutions that are likely targets have been warned not to take this threat lightly.