The Lazarus Group, a hacking organization with strongly alleged ties to North Korea’s totalitarian regime, is suspected to be behind a wave of malware cyber attacks on Turkey. According to security vendor McAfee, the cyber attacks targeted two government-controlled financial institutions handling trade and finance in Turkey.
McAfee states that no money was stolen in the cyber attacks, but that these could be laying the groundwork for large-scale hacks on Turkey in the future. The crime, first detected between March 2 and March 3, used a sample from the “Bankshot” malware family. Bankshot can linger on networks and servers, allowing continued exploitation long after the initial infection.
Ryan Sherstobitoff, McAfee’s Senior Analyst of Major Campaigns, said in a statement, “While we can’t definitively establish motivations, it’s likely these attacks are part of an ongoing effort on the part of the attackers to compromise major financial institutions.” McAfee said the malware was spread via spearphishing campaigns and exploited unpatched Adobe Flash scripts.
Bankshot was last seen in 2017 and has long been associated with North Korea’s hacking activities. Experts suspect North Korea of numerous digital thefts as economic sanctions put pressure on its regime and economy. The country has been tied to cyber attacks on cryptocurrencies and nation-states in the past, especially on its rival South Korea. This is the first time its alleged cyber theft efforts have targeted Turkey. However, while McAfee has no doubt that North Korea is responsible for these attacks, the possibility of a false flag operation precludes potential retaliation.
Representatives from Turkey did not offer a statement on the cyber attack at time of writing.