Lazarus, a network of hackers who target financial organizations, has recently been identified as the prime suspect in the recent Redbanc attack.
The breach occurred in December 2018, but was kept under wraps by the Chilean bank. Experts have reportedly lashed out at the bank for doing so. Shortly after the news was released, experts were able to confirm the intensity of the attack.
Experts have concluded that this was no minor breach and that it should not have been ignored. They added that they suspect the Korean hacker ring Lazarus of being responsible for the act, but need to investigate the matter further to confirm this. The matter has been in the limelight ever since Senator Felipe Harboe’s recent tweet about it.
The Trap
The threat actors launched a pre-planned attack to target and infiltrate financial organizations. They set the wheels in motion by posting a job opening on LinkedIn Jobs. A Redbanc employee found the opening suitable and applied for it. Next, the target was interviewed over Skype and was directed to install a particular software application in order to go ahead with the recruitment process. Unknown to the applicant, the application was malicious, and installing it led to the infiltration of the bank’s entire systems.
The Lazarus-Chilean Bank Connection
The malware used in this attack has been linked to the Lazarus Group due to its previous history. This malware further installs certain software that transfers Redbanc’s confidential data to remote servers. Getting into Chilean banks is nothing new for the Lazarus Group, which had earlier launched an attack on another Chilean bank, Banco de Chile.
The incident is yet another example of how one unsuspecting employee can put an organization’s entire IT infrastructure at risk. It clearly showcases the need for better IT infrastructure planning and education among large organizations, particularly ones that manage sensitive personal and financial data.