Lazarus Continues Heists, Mounts Attacks on Financial Organizations in Latin America
Lazarus Targets Latin American Financial Companies
The cybercriminal group Lazarus and its subgroup Bluenoroff saw a resurgence of activity recently, having successfully planted their backdoor into several machines of financial institutions across Latin America.
The cybercriminal group Lazarus, and particularly its subgroup Bluenoroff, has a history of attacking financial organizations in Asia and Latin America. There seems to be a resurgence of activity from the group, and recent events show how their tools and techniques have evolved. Just last week they were found stealing millions from ATMs across Asia and Africa. We also recently discovered that they successfully planted their backdoor (detected by Trend Micro as BKDR_BINLODR.ZNFJ-A) into several machines of financial institutions across Latin America.
We determined that these backdoors were installed on the targets’ machines on September 19, 2018, based mainly on the service creation time of the loader component. We also saw that the attack technique bears some …
IoC
107.172.195.20
192.3.12.154
46.21.147.161
http://107.172.195.20
http://192.3.12.154
http://46.21.147.161