Financial Crime World

Cyber-Attackers Target Polish Banks, Linked to Lazarus Group
============================================================

A series of sophisticated cyber-attacks, believed to be linked to the notorious Lazarus Group, has targeted multiple Polish banks. The attacks were carried out using an exploit kit that infected the banks after their staff visited the website of the Polish Financial Supervision Authority.

The Attack

According to security experts from Symantec and BAE Systems, the attackers used a sophisticated exploit kit to infect the banks’ systems. The malicious files were discovered on the servers of the Polish Financial Supervision Authority, which had been compromised by hackers from another country.

How It Happened

  • Staff at Polish banks visited the website of the Polish Financial Supervision Authority, which was compromised by hackers.
  • The attackers used an exploit kit to infect the banks’ systems.
  • The kit delivered a strain of malware known to be part of the Lazarus Group’s toolkit.

The Lazarus Group

About the Lazarus Group

The Lazarus Group is considered highly sophisticated and has been active since at least 2009. Experts have spotted at least three strains of malware used by the group in targeted attacks against financial institutions.

  • The attackers used “watering hole” websites to infect machines with previously unknown malware.
  • Symantec has blocked attempts to infect customers in Poland, Mexico, and Uruguay using the same exploit kit that infected the Polish banks.

Notorious Attacks

The Lazarus Group has been involved in several high-profile attacks, including:

  • The SWIFT attack on Bangladesh Bank
  • The Dark Seoul and Operation Troy hacking operations

Investigation and Response

Investigation

  • Authorities are working with security firms BAE Systems and Symantec to investigate the attacks.
  • The Polish Financial Supervision Authority confirmed that its internal systems had been compromised by hackers.

Response

  • Several banks have confirmed they have been infected with malware and are currently investigating the security breach.
  • Despite concerns about potential financial losses, there is currently no evidence to suggest money has been stolen from Polish banks or their customers.
  • Some target organizations have reported large outgoing data transfers.

Conclusion

The Lazarus Group’s activities highlight the need for robust cybersecurity measures in the financial sector to protect against sophisticated cyber-attacks. As the investigation continues, it is essential that authorities and financial institutions work together to prevent further breaches and ensure the security of their systems.