Scoop has an Ethical Paywall
Work smarter with a Pro licence Learn More

Video | Agriculture | Confidence | Economy | Energy | Employment | Finance | Media | Property | RBNZ | Science | SOEs | Tax | Technology | Telecoms | Tourism | Transport | Search

 

How the Lazarus Group is Emptying Millions from ATMs

FASTCash: How the Lazarus Group is Emptying Millions from ATMs

Last month, the US government issued an alert that Lazarus has been conducting “FASTCash” attacks against ATMs from banks in Asia and Africa. Symantec researchers have since uncovered the key component used by Lazarus to fraudulently empty ATMs of cash.

Known initially for its espionage operations and high-profile attack against Sony Pictures, Symantec’s research shows increasing financial motivation behind the Lazarus group’s attacks, including the targeting of the Bangladesh Central Bank and the group’s WannaCry ransomware operation. This recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for Lazarus, but one of its core activities.

Advertisement - scroll to continue reading

Are you getting our free newsletter?

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.

To make fraudulent withdrawals, Lazarus first breaches the banks’ networks and compromises the switch application servers handling ATM transactions.Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed, which intercepts fraudulent cash withdrawal requests and sends fake approval responses, in turn allowing the attackers to steal cash from ATMs.

© Scoop Media

Advertisement - scroll to continue reading
 
 
 
Business Headlines | Sci-Tech Headlines

 
 
 
 
 
 
 
 
 
 
 
 

Join Our Free Newsletter

Subscribe to Scoop’s 'The Catch Up' our free weekly newsletter sent to your inbox every Monday with stories from across our network.