Cybersecurity firm Symantec has released a new report claiming that hackers seemingly linked to the North Korean government stole tens of millions of dollars from ATMs across Asia and Africa. They used advanced trojan malware titled “Trojan.Fastcash” to carry out their operations. Lazarus is the hacking group said to be behind this. It infected the servers controlling these ATMs with the malware and were thus able to intercept their own fraudulent transaction request in order to withdraw cash.
Lazarus is believed to be the same hacking group which was behind the crippling hack on Sony Pictures. The group was also reportedly behind the WannaCry ransomware attack which locked people out of their computers and demanded ransom if they wanted access to be restored.
This isn’t the first time that we’re hearing about sophisticated malware being used to withdraw cash from ATMs. Some of you may remember that back in 2017, fraudulent withdrawals were made from ATMs across 30 different countries. A similar attack earlier this year resulted in cash being withdrawn from 23 countries.
Symantec notes in its report that every Fastcash attack carried out so far was done by infecting servers running the unsupported versions of its AIX operating system. This suggests that Symantec has already patched the vulnerabilities being exploited by the hackers in the more recent versions of the OS.