
The Lazarus Group and their Top Three Cyber Hits.


Tue, 03/20/2018 - 22:07

With the latest edition of Newsweek highlighting a fresh set of large-scale North Korean cyber-attacks on banks, we feel it's time to give a run-down of which super cyber criminals have been pushing all our buttons recently.

However, once you start making the shopping list of "Most Damaging Cyber Acts", the same foe keeps springing up, namely the Lazarus Group. Behind a huge basket of cloak-and-dagger cybercrimes, this one group keeps appearing as the catalyst or point of origin.

This begs the question of whether it's time to focus all our energies against Lazarus and what that may mean, but first, it's time we understood who we are dealing with.

The powerful Lazarus Group, a.k.a. Hidden Cobra, is widely believed to consist predominantly of state-sponsored cyber-attackers operating from Pyongyang and through their cyber network across Southeast Asia. They are argued to have been behind the highest-impact cyber-attacks of recent years.

Given the recent push towards diplomacy coming from North Korea, the latest Hidden Cobra attack acts as a counterbalance to all this Winter Olympic-inspired goodwill. North Korea, it seems, is still run on paranoia and delusions of grandeur, and we must keep our eyes permanently pinned open.

What the Lazarus Group is trying to do goes way beyond causing chaos. There are heists on financial organizations and bitcoin break-ins that are truly eye-popping. With so many sanctions set against the North Korean government, these cybercrimes are quite obviously bankrolling the defensive capabilities and nuclear ambitions of Pyongyang.

With that in mind, let's run through their Top Three Cyber Attacks:

Sony Pictures (2014)

Dubbed the "Hack of the Century" by Fortune.com (thankfully we aren't even two decades in), the infamous Sony hack was tied by U.S. Government officials to North Korean outrage at the Sony-backed film 'The Interview'.

Hackers broke into Sony Pictures' computer systems in October 2014 and stole masses of private documents, posting them online and exposing them to, well, basically anyone. The fallout from the wholesale distribution of private data was different in nature from other cyber-attacks and potentially much more threatening.

Sony, like other studios, values its privacy immensely because it's worth millions: these details can make or break blockbusters. Sony responded in panic, withdrawing the film's nationwide release, as threatened.

Many were very concerned over Sony's capitulation because of the precedent it might set for those wishing to subvert freedom of expression, especially within the arts.

Bangladesh Central Bank (2016)

The biggest bank heist ever.

$81 million was simply extracted from Bangladesh Bank and plopped in the Philippines by hackers who were in neither Bangladesh nor the Philippines. Talk about a serious magic trick.

Initially unsure whether it had been compromised, Bangladesh Bank employed World Informatix Cyber Security to lead the security response, carry out penetration testing and perform a full vulnerability assessment. Unfortunately, they found traces, malware and elephant-sized footprints suggesting a breach.

The investigators also said that the hackers were based outside Bangladesh, and guess who came on the radar again? The investigation found malware installed within the bank's systems in January 2016, which had gathered information on the bank's operational procedures for international payments and fund transfers.

The hackers sent fake messages over the SWIFT system to the New York Federal Reserve demanding the transfer of a cool $1 billion from Bangladesh Bank's account there. Although most transfers were blocked, about $81 million was sent to a bank in the Philippines.

WannaCry (2017)

WannaCry was a crypto-ransomware attack targeting computers running Microsoft operating systems, which means an attack with the potential to affect the vast, vast majority of us. The attackers encrypted and froze data, demanding ransom payments in bitcoin, and were known as the Shadow Brokers.

The delivery of WannaCry didn't need any user interaction to initiate and infect a computer. The payload was designed with a network scanner, so it actively scanned for additional hosts and spread like the true pandemic it was.

So no one had to click on a malicious link, yet the worm spread through Microsoft operating systems: very malicious indeed. There was a vulnerability in older Windows operating systems, exploited via EternalBlue. Microsoft had provided ways to protect against the vulnerability, but WannaCry spread because so many still use older Windows operating systems, and back doors were utilized on infected systems.
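To make the worm-like spreading described above concrete from a defender's seat, here is an added example (not code from the original post or from any of the parties it names) that scans constructed connection-log lines for a single host contacting many distinct peers on TCP port 445 within a short window, which is the footprint such a network scanner leaves in firewall or flow logs. The log format, the 60-second window and the threshold of 20 distinct destinations are assumptions chosen for illustration.

```python
"""Flag worm-like SMB sweeps in connection logs (added example, constructed data)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

SMB_PORT = 445
WINDOW = timedelta(seconds=60)          # assumed sliding window
DISTINCT_DST_THRESHOLD = 20             # assumed tuning value; adjust per network


def build_sample_log():
    """Constructed sample log; each line is 'timestamp src dst dport action'."""
    base = datetime(2017, 5, 12, 10, 0, 0)
    lines = []
    # Benign: a workstation talking repeatedly to one file server on 445.
    for i in range(30):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.7 10.0.0.2 445 ALLOW")
    # Benign: many distinct peers, but on 443 (not SMB), so ignored.
    for i in range(40):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.8 198.51.100.{i} 443 ALLOW")
    # Suspicious: one host sweeping the subnet on 445 within 25 seconds.
    for i in range(1, 26):
        ts = base + timedelta(seconds=i)
        lines.append(f"{ts.isoformat()} 10.0.0.5 10.0.0.{100 + i} 445 ALLOW")
    return "\n".join(lines)


def parse_line(line):
    """Split one assumed-format log line into typed fields."""
    ts, src, dst, dport, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(dport), action


def find_smb_sweepers(log_text, threshold=DISTINCT_DST_THRESHOLD, window=WINDOW):
    """Return {src: (time_flagged, distinct_dst_count)} for every source that
    contacts at least `threshold` distinct hosts on TCP/445 inside `window`."""
    events = sorted(parse_line(l) for l in log_text.splitlines() if l.strip())
    recent = defaultdict(deque)   # src -> deque of (ts, dst) inside the window
    flagged = {}
    for ts, src, dst, dport, _action in events:
        if dport != SMB_PORT:
            continue
        q = recent[src]
        q.append((ts, dst))
        # Drop entries that have aged out of the sliding window.
        while q and ts - q[0][0] > window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) >= threshold and src not in flagged:
            flagged[src] = (ts, len(distinct))
    return flagged


if __name__ == "__main__":
    for src, (when, count) in find_smb_sweepers(build_sample_log()).items():
        print(f"{src}: {count} distinct SMB peers by {when.isoformat()}")
```

The benign file-server traffic never trips the rule because it hits one destination, and the HTTPS traffic is skipped entirely; only the host fanning out across the subnet on 445 is reported, at the moment it reaches the twentieth distinct peer. In practice the same logic runs over flow or firewall exports, and the window and threshold are tuned against the network's normal SMB fan-out.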

Although it only took a few days to discover this attack, it was global and infected 200,000 computers across 150 countries, with total damages reaching into the billions. By December 2017 the United States, United Kingdom and Australia had formally asserted that North Korea (the Lazarus Group) was behind the attack.

By Karin Zalcberg on 3/20/18

Article first reported at CyberHub Summit