
Several Polish banks hacked information stolen by unknown attackers

2017-02-03, Badcyber
https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/
#Wateringhole #KNF

Contents

Polish banks are frantically scanning their workstations and servers and checking logs in search of signs of infection after some of them noticed unusual network activity and unauthorised files on key machines within their networks. This is – by far – the most serious information security incident we have seen in Poland.
It has been a busy week in SOCs all over the Polish financial sector. At least a few of Poland's 20-something commercial banks have already confirmed being victims of a malware infection, while others keep looking. Network traffic to exotic locations and encrypted executables nobody recognised on some servers were the first signs of trouble. A little more than a week ago one of the banks detected strange malware present on a few workstations. Having established basic indicators of compromise, it managed to share that information with other banks, who started querying their SIEMs for matches. In some cases the …

IoC

IP addresses
125.214.195.17
196.29.166.218

MD5
1BFBC0C9E0D9CEB5C3F4F6CED6BCFEAE
85D316590EDFB4212049C4490DB08C4B
C1364BBF63B3617B25B58209E4529D8C

SHA-1
496207DB444203A6A9C02A32AFF28D563999736C
4F0D7A33D23D53C0EB8B34D102CDD660FC5323A2
BEDCEAFA2109139C793CB158CEC9FA48F980FF2B

SHA-256
CC6A731E9DAFF84BAE4214603E1C3BAD8D6735B0CBB2A0EC1635B36E6A38CB3A
D4616F9706403A0D5A2F9A8726230A4693E4C95C58DF5C753CCC684F1D3542E2
FC8607C155617E09D540C5030EABAD9A9512F656F16B38682FD50B2007583E9B

URLs
http://sap.misapor.ch/vishop/view.jsp?pagenum=1
http://www.knf.gov.pl/DefaultDesign/Layouts/KNF2013/resources/accordian-src.js?ver=11
https://sap.misapor.ch/vishop/view.jsp?pagenum=1
https://www.eye-watch.in/design/fancybox/Pnf.action