Skip to main content

Lazarus Group Targets Bank Networks to Rob ATMs

posted onNovember 8, 2018
by l33tdawg
Flickr
Credit: Flickr

In addition to its 2014 attack on Sony Pictures, the Lazarus Group, also known as Hidden Cobra, has been attacking the ATMs of Asian and African banks since 2016, and today Symantec revealed that the group has been successful in its “FASTCash” operations by first targeting the banks' networks.

“The operation known as 'FASTCash' has enabled Lazarus, to fraudulently empty ATMs of cash. To make the fraudulent withdrawals, Lazarus first breaches targeted banks’ networks and compromises the switch application servers handling ATM transactions,” Symantec wrote in today’s blog post.

“Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs.” By injecting a malicious Advanced Interactive eXecutive (AIX) executable into a legitimate process on the switch application of the network that handles ATM transactions, the attacker is able to monitor incoming messages and intercept fraudulent, attacker-generated transaction requests, preventing them from reaching the switch application.

Source

Tags

Industry News

You May Also Like

Recent News

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th

Friday, June 7th