North Korean hackers tricked a staffer at Chilean interbank network Redbanc into a fake Skype job interview and then duped him into downloading malware onto his work computer, according to local press reports.
The hapless victim responded to a developer job advert on LinkedIn, spoke to the prospective "employers" over Skype and was then asked to install a program that would supposedly generate an application form, according to local tech news site trendTIC.
Instead, malware was installed, enabling the hackers to gain access to the staffer's work computer username, hardware and OS, and proxy settings. This information was then used to deliver a second-stage payload.
Last week Redbanc confirmed it had been attacked back in December after Chilean Senator Felipe Harboe used Twitter to accuse the ATM network operator of covering the breach up.
In a statement, the firm says "the event had no impact on our operations, keeping our services running smoothly".
As for who was behind the incident, security firm Flashpoint has linked publicly referenced samples to PowerRatankba, a malware toolkit with ties to North Korea-affiliated hacker group Lazarus.
North Korea has also been linked to an incident last year that saw hackers infiltrated the IT systems of Banco de Chile with disk-wiping malware, causing chaos and distracting from the theft of $10 million via the international Swift network.
Separately, several West African banks have been hit by a wave of cyber attacks, according to Symantec.
Firms in Cameroon, Congo (DR), Ghana, Equatorial Guinea, and Ivory Coast have been attacked since mid-2017 by criminals using four distinct campaigns, which may have been carried out by one or several groups.
Symantec says the attacks have been using off-the-shelf malware and “living off the land” tactics — namely the use of operating system features or network administration tools to compromise victims' networks.
Editorial | what does this mean?