The North Korean hackers known as Lazarus Group are now stealing from ATMs to the tune of tens of millions of dollars, according to research Symantec released Thursday. Lazarus Group, which is most famously behind the attack on Sony Pictures and the WannaCry ransomware, has been conducted “FASTCash” attacks where they steal money from ATMs from banks in Asia and Africa – with no reports of attacks on U.S. banks. US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI first announced Lazarus Group’s ATM attacks on Oct. 2 and noted that the attacks have been going on since 2016. Following US-CERT’s announcement, Symantec examined how Lazarus Group was able to conduct their accounts. “To make the fraudulent withdrawals, Lazarus first breaches targeted banks’ networks and compromises the switch application servers handling ATM transactions,” Symantec explained. “Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware, in turn, intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs.”

Read More About
About
Kate Polit
Kate Polit
Kate Polit is MeriTalk's Assistant Copy & Production Editor covering the intersection of government and technology.
Tags