Symantec: SWIFT attackers’ malware also used in PH bank attack

Rappler.com
Symantec says some of the tools used in the targeted attacks share similarities in code with malware used in other attacks linked to the group known as Lazarus

MANILA, Philippines – Security software company Symantec reported Thursday, May 26, that an unnamed bank in the Philippines was also attacked by the group that took $81 million from Bangladesh’s central bank.

The same software was also used in an attempt to steal over $1 million from Vietnam’s Tien Phong Bank.

According to Symantec’s report, some of the tools used in the targeted attacks share similarities in code with malware used in other attacks linked to the group known as Lazarus.

These attacks can be traced back to around October 2015 – two months before the failed Vietnam attack, which was previously seen as the earliest known incident.

An analysis of 3 pieces of malware – Backdoor.Fimlis, Backdoor.Fimlis.B, and Backdoor.Contopee – showed code sharing between early variants of Backdoor.Contopee and Trojan.Banswift, which was used in the Bangladesh attack. Symantec thus believes, as a result of the code sharing and the usage of the malware, that the tools can be attributed to the same group of attackers.

Symantec also said Backdoor.Contopee was previously used by attackers associated with the Lazarus threat group.

It added: “Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea. The group was linked to Backdoor.Destover, a highly destructive Trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment. The FBI concluded that the North Korean government was responsible for this attack.”

Symantec believes the group is conducting a “wide campaign against financial targets in the region,” and reminds banks and other financial institutions to be vigilant. – Rappler.com
