It may not feel ethically right for some to search for other jobs on a work computer, but little did a Redbanc employee know that his job search would lead to North Korean hackers gaining access to Chile’s entire ATM network. The hackers had set up a Skype interview for a fake job in order to compromise his computer. Redbanc is the company that handles the entire ATM network in Chile.
The employee in question reached out when he discovered a LinkedIn job posting for a developer position. Once the Skype interview was set, he was asked to install a program titled ApplicationPDF.exe on the computer.
The person was told that this was part of the process and would generate a standard application form. It was obviously not what it was claimed to be; instead, it infected the computer with malware. Once the malware was installed, the hackers siphoned important information off the computer and later delivered a second-stage payload to the device.
The link to North Korea became evident when security company Flashpoint reported that the malware was using PowerRatankba, a toolkit that the Lazarus Group has used in the past. The group is believed to have ties to Pyongyang. It’s the hacking group said to be behind the disastrous Sony hack of 2014.
This attack took place in December last year but was only made public when Chilean Senator Felipe Harboe called out Redbanc for not disclosing the breach in a timely fashion.