image

North Korea

BAE Systems blames North Korea’s Lazarus hackers for cyberattack on Taiwanese bank

British defence group points finger at Pyongyang for latest attempt to target the Swift messaging system

PUBLISHED : Tuesday, 17 October, 2017, 9:54am
UPDATED : Tuesday, 17 October, 2017, 9:47pm

BAE Systems, the defence and security firm, said on Monday that it believed the North Korean Lazarus hacking group was likely to have been responsible for a recent cyber heist in Taiwan, the latest in a string of hacks targeting the global Swift messaging system.

“The likely culprit is Lazarus,” BAE cyber-intelligence chief Adrian Nish said.

The British firm has previously linked Lazarus to last year’s US$81 million cyber heist at Bangladesh’s central bank, as have other cyber firms including Russia’s Kaspersky Lab and California-based Symantec.

BAE’s claim that Lazarus was probably responsible for the hack on Taiwan’s Far Eastern International Bank showed that North Korea was continuing to seek to generate cash through hacking.

Crippled by sanctions, North Korea may not last a year, defector says

Nish said he expected the group to continue to target banks.

“They are not just going to go away. They’ve built the tools. They are going to keep going back,” he said.

However, he said the group appeared to have had difficulty in pulling funds out of the banking system, after the massive Bangladesh heist, which prompted Swift and banks to boost security controls.

Taiwan’s Central News Agency reported last week that while hackers sought to steal about US$60 million from Far Eastern Bank, all but US$500,000 had been recovered.

BAE previously disclosed that Lazarus attempted to steal money from banks in Mexico and Poland, though there is no evidence the effort succeeded.

Waiting game for North Korean workers in China as shutdown deadline looms

A security executive with Swift, a Belgium-based cooperative owned by banks, said last week that hackers had continued to target the message system this year, although many attempts had been thwarted by the new security controls.

Swift declined to comment on the findings, which BAE detailed in a report on its website: https://baesystemsai.blogspot.ca/2017/10/taiwan-heist-lazarus-tools.html

The report provides technical details on malware samples that BAE believes were probably used to target the Taiwan bank.