Anomali Labs Evidence Hints At Lazarus Involvement In Swift Breach

It appears there is new evidence linking the recent Swift attacks to a North Korean hacker collective. Several pieces of malware have been identified by Anomali, making them the third security institution to confirm these suspicions.

Lazarus Hacker Collective Attacked Swift?

That seems to be the most obvious outcome of these investigations, After Symantec and BAE Systems found evidence linking the Swift attacks to North Korean hackers, security vendor Anomali Labs has come to the same conclusion. Albeit the hackers did their best to eliminate traces of their activity, there is still plenty of circumstantial evidence for researchers to delve into.

Several types of malware have been used during these attacks, and all of them seem to lead back to Lazarus, a North Korean hacker collective. They are also the ones responsible for breaching Sony Picture sin 2014, and the method of attack used for both incidents shows multiple similarities.

Anomali researchers have discovered five different malware code samples used during the Swift attacks. All of these tools have been used by Lazarus in the past. It is impossible to deny the similarities, but there is no conclusive evidence either. These hacking tools are often resold on deep web marketplaces, and it is possible a different entity is behind these attacks.

However, there is some evidence which seems to point towards Lazarus directly. Symantec describes several of these malware code fragments as “unique and previously used only by Lazarus”. While this is still too early to draw foregone conclusions, the malware used in the Sony Pictures and Swift hacks indicates a shared code base.

It is important to keep in mind the findings by these three different security research firms are not sufficient to blame North Korea for the Swift attacks. Direct evidence is required, such as a network connection from a North Korean computer, or at least, forensic evidence gathered from one of the Lazarus members’ device. Obtaining that evidence will be pretty much impossible, though.

Source: Dark Reading

Images credit 1,2

If you liked this article follow us on Twitter @themerklenews and make sure to subscribe to our newsletter to receive the latest bitcoin and altcoin price analysis and the latest cryptocurrency news.