McAfee Suspects North Korea In Recent Cyberattack On Turkish Financial Sector

North Korean hackers are suspected in a cyberattack on Turkey’s financial sector, as stated in a report released by McAfee March 8.

The McAfee Advanced Threat Research team identified an attempt by the hacking group Hidden Cobra to breach the security of Turkish government-backed financial institutions on March 2 and 3.

While McAfee policy is to not officially identify cyber groups from nation-states as culprits, they mention in the report that the code of the malware in question closely resembles code used by a hacking operative associated with North Korea.

The hackers used modified malware known as a “Bankshot” which utilized a recently revealed vulnerability in Adobe Flash. The attackers tried to lure their victims with spear-phishing emails containing an infected Microsoft Word file named Agreement.docx.

The file appeared to be an agreement template for Bitcoin distribution between an unknown individual in Paris and a to-be-determined cryptocurrency exchange, the report says.

Bankshot implants were distributed from a domain similar to the cryptocurrency-lending platform Falcon Coin, but the malicious domain falcancoin.io was created December 27, 2017, and is not legally associated with the original platform.

Though there have been no reports of stolen money in the attacks, the research team believes the campaign intended to get remote access to the internal systems of the targeted government-controlled financial organizations. The report, however, does not reveal which specific organizations were affected.

The McAfee team also discovered two documents written in Korean, which appear to be part of the same hacking campaign, but were intended for different targets.

Back in December 2017, the US government issued a warning about Bankshot malware, linking it to Hidden Cobra, a group of hackers the U.S. Government considers malicious cyber-criminals working for the North Korean government.

North Korea has been repeatedly accused of hacking South Korean cryptocurrency exchanges, as international sanctions against the country have tightened over the past year.

Turkish Police Arrest 24 Suspects Involved in Hacking Crypto Firm, Local Media Reports   Feb. 13, 2019
Report: North Korean Hackers Created Realistic Trading Bot to Steal Money   Feb. 5, 2020
Report: Record-Breaking Coincheck Hack Perpetrated by Virus Tied to Russian Hackers   June 17, 2019
UpBit Exchange Phishing Email Scam Came From North Korea, Source Claims   May 31, 2019
Are crypto and blockchain safe for kids, or should greater measures be put in place?   Feb. 26, 2022