McAfee Suspects North Korea In Recent Cyberattack On Turkish Financial Sector

Published at: March 9, 2018

North Korean hackers are suspected in a cyberattack on Turkey’s financial sector, according to a report released by McAfee on March 8.

The McAfee Advanced Threat Research team identified an attempt by the hacking group Hidden Cobra to breach the security of Turkish government-backed financial institutions on March 2 and 3.

While McAfee's policy is not to officially identify nation-state cyber groups as culprits, the report mentions that the code of the malware in question closely resembles code used by a hacking operative associated with North Korea.

The hackers used modified malware known as “Bankshot,” which utilized a recently revealed vulnerability in Adobe Flash. The attackers tried to lure their victims with spear-phishing emails containing an infected Microsoft Word file named Agreement.docx.

The file appeared to be an agreement template for Bitcoin distribution between an unknown individual in Paris and a to-be-determined cryptocurrency exchange, the report says.

Bankshot implants were distributed from a domain that resembles that of the cryptocurrency-lending platform Falcon Coin. The malicious domain, falcancoin.io, was created on December 27, 2017, and is not legally associated with the original platform.

Though there have been no reports of stolen money in the attacks, the research team believes the campaign was intended to gain remote access to the internal systems of the targeted government-controlled financial organizations. The report, however, does not reveal which specific organizations were affected.

The McAfee team also discovered two documents written in Korean, which appear to be part of the same hacking campaign, but were intended for different targets.

Back in December 2017, the U.S. government issued a warning about Bankshot malware, linking it to Hidden Cobra, a group of hackers that the U.S. government considers malicious cyber-criminals working for the North Korean government.

North Korea has been repeatedly accused of hacking South Korean cryptocurrency exchanges, as international sanctions against the country have tightened over the past year.
