Symantec: North Korean hacking group behind attacks in 31 countries
BOSTON: A North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organisations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea, cyber security firm Symantec Corp said on Wednesday.
It said in a blog that researchers have uncovered digital evidence suggesting Lazarus was behind the campaign that sought to infect victims with "loader" software used to stage attacks by installing other malicious programs.
"We are reasonably certain Lazarus was responsible," Symantec researcher Eric Chien said in an interview.
North Korea has denied allegations it was involved in the hacks.
Symantec did not know if any money had been stolen. Nonetheless, it said the claim was significant as Lazarus used a more sophisticated targeting approach than in previous campaigns.
"This represents a significant escalation of the threat," said Mr Dan Guido, chief executive of Trail of Bits, which offers consulting to banks and the US government.
Lazarus has been blamed for a string of hacks dating back to 2009, including last year's $81 million heist from Bangladesh's central bank, the 2014 hacking of Sony Pictures that crippled its network for weeks and a long-running campaign against organisations in South Korea.
Symantec, which has one of the world's largest teams of malware researchers, regularly analyses emerging cyberthreats to help defend businesses, governments and consumers that use its security products.
The firm analysed the hacking campaign last month when news surfaced that Polish banks had been infected with malware. At the time, Symantec said it had "weak evidence" to blame Lazarus.
Poland's biggest bank lobbying group, ZBP, said last month that the sector was targeted in a cyber attack, but did not provide further details.
Government authorities declined comment.
Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit.
The malware was programmed to only infect visitors whose IP address showed they were from 104 specific organisations in 31 countries, said Symantec. The largest numbers were in Poland, followed by the US and Mexico. - REUTERS