North Korea has been linked to the notorious Lazarus Group, a cybercrime group that has reportedly raided Nigerian banks.
In a new report by antivirus maker Kaspersky Lab, a subset of the Lazarus Group, dubbed Bluenoroff, has been raiding banks all over the world.
Banks in Poland, Russia, India, Norway, Nigeria, Australia and Mexico have been the targets of these attacks, according to the report.
The biggest of these attacks was an $80 million raid on Bangladesh Bank.
“One of Bluenoroff’s favorite strategies is to silently integrate into running processes without breaking them. From the code we’ve seen, it looks as if they are not exactly looking for a hit and run solution when it comes to money theft,” Kaspersky Lab argued.
“Their solutions are aimed at invisible theft without leaving a trace. Of course, attempts to move around millions of USD can hardly remain unnoticed, but we believe that their malware might be secretly deployed now in many other places and it isn’t triggering any serious alarms because it’s much more quiet.”
Kaspersky also revealed a possible connection to North Korea: an IP address traced from the attackers' server logs pointed to the country.
The link was found only because a Monero mining program installed on the same server caused the system to freeze, so the server logs were never cleaned.
“This is the first time we have seen a direct link between Bluenoroff and North Korea,” said the researchers.
“Now, is it North Korea behind all the Bluenoroff attacks after all? As researchers, we prefer to provide facts rather than speculations. Still, seeing the IP in the C2 log does make North Korea a key part of the Lazarus Bluenoroff equation.”