CYBER ATTACKS on the Swift payment system have been linked to North Korea by security researchers following an analysis of the malware code that showed similarities with malware used in attacks since 2009.
This would not be the first time that North Korea has been implicated in criminal activity. The country's leadership has been linked with a high-quality counterfeiting operation and the mass production and distribution of methamphetamine.
Analysis by security firm Symantec indicates that a hacking group called Lazarus is behind the attacks. The group was responsible for a number of sophisticated attacks on targets in the US and South Korea.
"Symantec believes that distinctive code shared between [malware] families, and the fact that Backdoor.Contopee [linked with Lazarus] was being used in limited targeted attacks against financial institutions in the region, means that these tools can be attributed to the same group," the firm said.
"Backdoor.Contopee has been used by attackers associated with a broad threat group known as Lazarus. Lazarus has been linked to a string of aggressive attacks since 2009, largely focused on targets in the US and South Korea.
"The group was linked to Backdoor.Destover, a highly destructive trojan that was the subject of an FBI warning after it was used in an attack against Sony Pictures Entertainment."
The FBI concluded that the North Korean government was responsible for the attack on Sony, which coincided with the release of a film depicting the assassination of Kim Jong-un.
Security researchers are now analysing code used in that attack alongside forensics from the growing number of banks that have seen their Swift payment systems attacked.
"The group was the target of a cross-industry initiative known as Operation Blockbuster earlier this year, which involved major security vendors sharing intelligence and resources to assist commercial and government organisations in protecting themselves against Lazarus," said Symantec.
"As part of the initiative, vendors are circulating malware signatures and other useful intelligence related to these attackers."
At least three banks are believed to have been attacked by the same group, which used malware to infiltrate the banks' networks and then attempted to cover its tracks afterwards.
A fourth, Ecuador's Banco del Austro, is also believed to have been attacked, but the malware used has not yet been analysed by independent forensic experts. The bank is currently suing banks in Hong Kong, which were the beneficiaries of what it claims were fraudulent transfers.
The claims follow news of a February attack on Bangladesh Bank, the central bank of Bangladesh, in which $81m was stolen from a total of $951m that the thieves had attempted to appropriate.
That news was followed quickly by claims that banks in Vietnam, Ecuador and now the Philippines were attacked by the same group.
The group has also been linked with attacks on three South Korean broadcasters that rendered their networks unusable. Boot files were deleted, preventing many staff from using their PCs.
The North Korean government is believed to have been behind a number of criminal activities, including counterfeiting money and the production and distribution of methamphetamine via an agency known as 'Office 39'.
An FBI investigation into the organisation was closed by President Bush, despite a clear trail of evidence leading to Pyongyang.
Symantec's claims followed suggestions by cyber specialists at BAE Systems in May that there were links between the malware used in the Bangladesh Bank attack and the attack on Sony Pictures.