Kaspersky Lab recently completed a year-long investigation into Lazarus, the hacking group allegedly responsible for the theft of $81 million from the Central Bank of Bangladesh in 2016, which is widely considered to be the largest cyber heist ever.
Kaspersky said it "gained a deep understanding of what malicious tools the group uses and how it operates," which allowed the company to interrupt two "potential" Lazarus operations attempting to steal large amounts of money from financial institutions, according to an announcement.
Malware samples linked to Lazarus appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses in countries across the world beginning in 2015, according to Kaspersky. The countries included Korea, Bangladesh, India, Vietnam, Poland and Iraq, to name a few. The latest samples were detected in March 2017, indicating that the group is still active.
The report illustrates how Lazarus carried out complex, long-running attacks that started when a single system inside a bank was compromised, either by exploiting remotely accessible vulnerable code or through a watering hole attack. The attacks show how a single initial breach can grow into something much bigger and more damaging at the hands of a group of sophisticated hackers.
Though Lazarus was extremely good at erasing its tracks, Kaspersky did find at least one serious mistake in which the group left clues behind, which ultimately allowed Kaspersky to stop the group a number of times as it pursued other attacks. However, Lazarus also adapts and learns from its mistakes quickly, indicating there may be much more to come from the group.
Researchers previously established links between Lazarus and 1,000 malicious file samples and connected the group to DDoS attacks against major organizations in South Korea and the U.S., including government, media, military, aerospace, financial and critical infrastructure groups. Lazarus was also linked to the attack on Sony Pictures, which cost that company an estimated $35 million in IT repairs.