lazarusholic

FASTCash: How the Lazarus Group is Emptying Millions from ATMs

2018-11-08, Symantec
https://www.symantec.com/blogs/threat-intelligence/fastcash-lazarus-atm-malware
#FASTCash

Contents

Symantec uncovers tool used by Lazarus to carry out ATM attacks.
On October 2, 2018, an alert was issued by US-CERT, the Department of Homeland Security, the Department of the Treasury, and the FBI. According to this new alert, Hidden Cobra (the U.S. government’s code name for Lazarus) has been conducting “FASTCash” attacks, stealing money from Automated Teller Machines (ATMs) from banks in Asia and Africa since at least 2016.
Lazarus is a very active attack group involved in both cyber crime and espionage. The group was initially known for its espionage operations and a number of high-profile disruptive attacks, including the 2014 attack on Sony Pictures. More recently, Lazarus has also become involved in financially motivated attacks, including a US$81 million theft from the Bangladesh Central Bank and the WannaCry ransomware.
Following US-CERT's report, Symantec’s research uncovered the key component used in the …

IoC

10AC312C8DD02E417DD24D53C99525C29D74DCBC84730351AD7A4E0A4B1A0EBA
3A5BA44F140821849DE2D82D5A137C3BB5A736130DDDB86B296D94E6B421594C
CA9AB48D293CC84092E8DB8F0CA99CB155B30C61D32A1DA7CD3687DE454FE86C
D465637518024262C063F4A82D799A4E40FF3381014972F24EA18BC23C3B27EE