Search GSSD

Taiwan Heist: Lazarus Tools and Ransomware

The authors present a technical overview of the cyber-heist against the Far Eastern International Bank in Taiwan. In this attack, the perpetrators were able to transfer money from the bank into other overseas accounts, much like a previous attack targeting the Bangladesh Bank, as well as inject ransomware onto target computers. One of the critical files shows a high level of sophistication – it was a “polyglot”, which is a file encoded inside another file. Furthermore, it attempts to whitelist systems whose local settings are Russian, Ukrainian, and Belarussian, and uses mis-transliterated Russian commands to carry out its processes. As with the version found attacking the Bangladesh Bank, the mis-transliteration is something that a native speaker would not do, which leads to speculation on the researchers’ behalf that the language used is either a false flag or a way to throw off investigators. This threat highlights the increasingly sophisticated methods that are employed by the hackers themselves, the many different ways that hackers attempt to make money, and the deception techniques that attackers are using to bypass security measures and evade capture. Key Words: Bank, cybercrime
Sergei Shevchenko, Hirman Muhammad bin Abu Bakar, James Wong
BAE Systems
Case Studies