N. Korean group likely behind cyber attacks: Symantec

Symantec said that researchers have uncovered digital evidence suggesting the Lazarus group was behind the campaign that sought to infect victims with "loader" software.

BOSTON • A North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organisations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea, cyber-security firm Symantec Corp has said.

Symantec said in a blog on Wednesday that researchers have uncovered four pieces of digital evidence suggesting the Lazarus group was behind the campaign that sought to infect victims with "loader" software used to stage attacks by installing other malicious programs.

"We are reasonably certain" Lazarus was responsible, Symantec researcher Eric Chien said.

The North Korean government has denied allegations it was involved in the hacks, which were made by officials in Washington and Seoul, as well as security firms.

United States Federal Bureau of Investigation representatives could not immediately be reached for comment.

Symantec did not identify targeted organisations and said it did not know if any money had been stolen.

Nonetheless, Symantec said the claim was significant because the group used a more sophisticated targeting approach than in previous campaigns.

Lazarus has already been blamed for a string of hacks dating back to at least 2009, including last year's US$81 million (S$113.6 million) heist from Bangladesh's central bank, the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organisations in South Korea.

Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit, which is known as a "watering hole" attack.

The malware was programmed to only infect visitors whose IP address showed they were from 104 specific organisations in 31 countries, according to Symantec.

The largest number were in Poland, followed by the US, Mexico, Brazil and Chile.

REUTERS

A version of this article appeared in the print edition of The Straits Times on March 17, 2017, with the headline 'N. Korean group likely behind cyber attacks: Symantec'.