Kaspersky Labs links North Korea to Bangladesh Bank heist
04 April 2017
Security outfit Kaspersky Labs has become the latest voice to raise the possibility that North Korea was involved in last year's $81 million Bangladesh Bank cyberattack.
Last February, hackers used the Swift messaging system to convince the Federal Reserve Bank of New York to transfer $81 million from the Bangladesh central bank's account to accounts they controlled in the Philippines.
Since then, a well-known hacking collective called Lazarus has been named as the likely culprit behind the attack and many others, including attacks on financial institutions and on Sony's Hollywood studio.
Kaspersky has been investigating the group for more than a year and says that Lazarus is careful to wipe traces but that it made a mistake on one heist.
In preparation for the operation, a breached server was configured as the command and control centre for the malware. The first connections made on the day of configuration came from a few VPN/proxy servers, indicating a testing period; however, one short connection that day came from a "very rare" IP address range in North Korea.
Kaspersky says that this points to a possible origin of the Lazarus group or at least some of its members but stresses that "this is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation".
However, Kaspersky is not the first to link the Bangladesh attack with North Korea. As reported by the New York Times, last month National Security Agency deputy director Richard Ledgett told a conference that research linked the bank attack to the Sony hack "forensically" and that "if that's true, then that says to me that the North Koreans are robbing banks. That's a big deal".
Meanwhile, at a separate conference last month in Toronto, James Lewis from the Canadian Security Intelligence Service (CSIS) also pointed at North Korea, arguing that this represents a new strategy by the country as it looks to source funds for government programmes.
The Wall Street Journal says that US prosecutors are already building potential cases related to the hack that would accuse North Korea of working with Chinese middlemen.