Alkajak
Thread author
Time is on the side of security researchers, who had the opportunity to take a closer look at the malware used in the Bangladesh SWIFT cyber-heist, and their conclusions are clear cut and almost unanimous.
According to reports from Symantec, BAE Systems, and Simon Choi of IssueMakersLab, the malware used in the SWIFT-based attacks closely resembles the one used by the Lazarus Group, the notorious hacker and cyber-espionage crew behind the Sony hack and multiple others on governments and private enterprises.
Malware contained a "familiar" hard disk wiping function.
BAE Systems was the first one to spot the similarities two weeks ago, but security firms are known to mess up attribution once in a while. When today Symantec released its separate report on the malware used to infiltrate and carry out the Bangladesh $81 million cyber-heist, its conclusions were almost identical.
Both companies said the file moutc.exe contained various code functions that were near identical with the ones spotted inside malware samples deployed by the Lazarus Group in the Sony hacks.
The similarity was in the "wiping function," used by crooks to delete traces of their activity on infected systems. The Bangladesh malware (Trojan.Banswift) contained this file, which Symantec researchers quickly tied to Backdoor.Contopee, a trojan used in cyber-attacks on financial institutions in South-East Asia in the past few years alongside Backdoor.Fimlis and Backdoor.Fimlis.B.
Full Article: SWIFT Bank Attacks Connected to North Korean Group Behind Sony Hacks