Hackers Attempt False Flag to Divert Attribution to Russia

Researchers at BAE Systems have determined that the hackers behind a cyber campaign targeting 104 organizations—many of them financial institutions—across 31 different countries have intentionally inserted poorly translated Russian words and commands into their malware in an attempt to throw off investigators. The poor translations appear to come from translation software that at times completely changes the meaning, making the comments unintelligible to native Russian speakers.
The Cipher Take: The campaign seemingly began in October last year with hits at banks in Mexico and Uruguay. Researchers connected breaches around the world to the same campaign, most recently with multiple breaches at banks in Poland earlier this month. The sloppy use of Russian comments within the malware seems to be an attempt at diverting attention to Russian criminal groups known to target banks. Instead, security researchers believe the culprit to be the Lazarus group, which has been active since 2009 and is responsible for various attacks on organizations in South Korea and the United States – most notably Sony Pictures in 2014. The Lazarus group has also been linked to the theft of $81 million from the central bank of Bangladesh by breaching the SWIFT network, a global monetary transfer system used by banks. The group is thought to be the North Korean government's hacking unit, known as Bureau 121. The country is restricted by economic sanctions, making cybercrime one of its few methods of collecting revenue in support of its nuclear ambitions.

