North Korea blamed for a cyber attack on Turkish Financial Sector

From the past one year or so, many media sources from around the world were seen accusing North Korea and its leader Kim Jung Un for launching cyber attacks on their public and private digital assets. Now the latest to join is a cybersecurity firm named McAfee which accuses North Korean hackers group Hidden Cobra from attacking Turkish Financial System with Bankshot malware early this month.

As the behavior of the said malware matches to the control and server strings of the previous attack launched by hidden cobra on the global financial network SWIFT, researchers from McAfee came to a conclusion that hackers sponsored by the North Korean government were behind the attack.

McAfee’s Advanced Threat Research team discovered that Bankshot malware implant was used to target cryptocurrency and financial organizations in Turkey.

First, the cyber attack campaign started with spear phishing emails written in Korean language and containing a malicious MS word document embedded with adobe flash exploit. The file appeared to be a Bitcoin distribution agreement template between an unknown individual from Paris and a cryptocurrency exchange. And as soon as the user clicked on the provided URL link, the malware was spread into the network through the victim’s computer.

The Telemetry data of McAfee shows that the infection occurred on March 2 and 3 on three large financial institutes in Turkey and later spread to other bank networks within no time.

As of now, there are no reports of stolen money in the attacks. Thus, the researchers believe that the phishing attack campaign was intended to get remote access to the internal systems of the targeted government-controlled financial institutions.

McAfee research claims that Bankshot implants are being distributed from a domain similar to the cryptocurrency lending platform Falcon Coin. But in reality, the said website is in no way associated with the original platform.

Note- On late Thursday, Donald Trump announced it on an official note that he is interested in having talks with North Korea leader Kim Jung and hoped to strike peace in the very first meeting.

Ad
Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
Naveen Goud
Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

No posts to display