North Korea (Lazarus Group): One of the three North Korean hacking groups which received sanctions just ten days ago for targeting ATM’s and financial institutions has been seen targeting Indian ATM’s with a new malware linked to them. Named ATMDtrack, the malware has been active since late summer of 2018 on ATM’s and a more advanced version called Dtrack was found on the network of Indian Research centers–which is focused on spying and data theft. Collectively, the malware is being tracked as the Dtrack family. There were similarities found with the malware used in Operation DarkSeoul, which was an operation carried out by the Lazarus Group that targeted South Korea. With the link in the malware and the group being made, this finding only justifies the decision by the US Treasuries Department’s decision to freeze all accounts linked to the group and their monetary gain from illegal hacking. The most recent strains of Dtrack were seen in September 2019 and has many functions of a standard RAT. Samples that are being seen currently can log keystrokes, retrieve browser history, gather host IP addresses, gather information about available networks and active connections, list running processes, and list files on all available disk volumes.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.