BE­HIND HACK­ING’

New Straits Times - - World -

other ma­li­cious pro­grammes.

“We are rea­son­ably cer­tain” Lazarus was re­spon­si­ble, Sy­man­tec re­searcher Eric Chien said.

Py­ongyang de­nied al­le­ga­tions that it was in­volved in the hacks, which were made by of­fi­cials in Wash­ing­ton and Seoul, as well as se­cu­rity firms.

United States Fed­eral Bureau of In­ves­ti­ga­tion rep­re­sen­ta­tives could not be reached for com­ment.

Sy­man­tec did not iden­tify tar­geted or­gan­i­sa­tions and said it did not know if any money had been stolen. Nonethe­less, it said the claim was sig­nif­i­cant be­cause the group used a more so­phis­ti­cated tar­get­ing ap­proach than in pre­vi­ous cam­paigns.

“This rep­re­sents a sig­nif­i­cant es­ca­la­tion of the threat,” said Dan Guido, chief ex­ec­u­tive of Trail of Bits, which does con­sul­ta­tions for banks and the US gov­ern­ment.

Lazarus had been blamed for a string of hacks dat­ing back to at least 2009, in­clud­ing last year’s US$81 mil­lion (RM359 mil­lion) heist from Bangladesh’s cen­tral bank, the 2014 hack of Sony Pic­tures En­ter­tain­ment that crip­pled its net­work for weeks and a long-run­ning cam­paign against or­gan­i­sa­tions in South Korea.

Guido, who reviewed Sy­man­tec’s find­ing, said it was trou­bling to see a hack­ing group fo­cus on at­tack­ing banks us­ing in­creas­ingly so­phis­ti­cated tech­niques.

Sy­man­tec, which has one of the world’s largest teams of mal­ware re­searchers, reg­u­larly analy­ses emerg­ing cy­ber threats to de­fend busi­nesses, gov­ern­ments and con­sumers that use its se­cu­rity prod­ucts.

The firm an­a­lysed the hack­ing cam­paign last month when news sur­faced that Pol­ish banks had been in­fected with mal­ware.

At the time, Sy­man­tec said it had “weak ev­i­dence” to blame Lazarus.

Poland’s big­gest bank lob­by­ing group, ZBP, last month said the sec­tor was tar­geted in a cy­ber­at­tack, but did not pro­vide fur­ther de­tails.

Gov­ern­ment au­thor­i­ties de­clined com­ment on the in­ci­dent.

Au­thor­i­ties in Poland could not be reached for com­ment late on Wed­nes­day.

Sy­man­tec said the lat­est cam­paign was launched by in­fect­ing web­sites that in­tended vic­tims were likely to visit, known as a “wa­ter­ing hole” at­tack.

The mal­ware was pro­grammed to only in­fect vis­i­tors whose IP ad­dress showed they were from 104 spe­cific or­gan­i­sa­tions in 31 coun­tries, ac­cord­ing to Sy­man­tec.

The largest num­ber were in Poland, fol­lowed by the US, Mex­ico, Brazil and Chile. Reuters

Newspapers in English

Newspapers from Malaysia

© PressReader. All rights reserved.