Russian cyber security firm Group-IB said on Tuesday that a digital crime gang called Lazarus, which had recently hacked into and stolen money from the Central Bank of Bangladesh, is actually controlled by North Korean intelligence.
In a release accompanying its report on the matter, Group-IB said that the $81 million stolen from the Bangladesh central bank's US Federal Reserve account in New York was the handiwork of Lazarus, which "is allegedly controlled by Bureau 121, a division of the Reconnaissance General Bureau, a North Korean intelligence agency."
"Deep analysis of the cybercriminals' command and control infrastructure as well as detailed threat intelligence information enabled Group-IB researchers to prove that the attacks were managed from Pyongyang (North Korean capital)."
In February last year, hackers planted malware on a SWIFT (Society for Worldwide Interbank Financial Telecommunication) terminal used by Bangladesh's central bank, obtained the credentials needed for payment transfers from the New York Federal Reserve, and then transferred $81 million to fake accounts in the Philippines and Sri Lanka. By the time the fraud was discovered, the New York branch of the U.S. central bank had approved five of the payments.
"In 2016 the group attempted to steal about $951 million from the Central Bank of Bangladesh SWIFT. However, a mistake in a payment request cut the criminals' income to only $81 million," Group-IB said.
"Lazarus (also known as the Dark Seoul Gang) is known to hack governmental, military, and aerospace institutions worldwide," it added.
The Russian specialists said Lazarus is known for its 2014 attack on Sony Pictures, in which employees' personal information, internal e-mails and copies of then-unreleased Sony films, among other information, were made public.
Group-IB said that, unlike previous reports, this one focused on the infrastructure the hacker group built to conduct its attacks.
"Despite the complex three-layer architecture and other advanced techniques, the researchers managed to identify that the group was operating from Potonggang District in North Korea, where, perhaps coincidentally, the National Defence Commission was located," the statement said.
"Taking into consideration strengthening economic sanctions against North Korea as well as the geopolitical tension in the region, we expect a new wave of Lazarus attacks against global financial institutions," said Group-IB co-founder Dmitry Volkov.