Compromise | severity: Critical | 2017-04-03
Securelist 'Lazarus Under the Hood' details Bangladesh Bank SWIFT heist
published by Kaspersky (Securelist)
Actor
DPRK state-sponsored intrusion set treated by most vendors as the financial-operations subgroup of Lazarus, attributed to the Reconnaissance General Bureau. Responsible for the major SWIFT-network ba…
Summary
Kaspersky's Global Research and Analysis Team published technical analysis tying the February 2016 fraudulent SWIFT transfers from Bangladesh Bank's New York Federal Reserve account — through which attackers moved roughly $81 million — to the Lazarus cluster's financial subgroup later widely tracked as BlueNoroff / APT38. The report documents shared tooling, infrastructure, and operator tradecraft across attacks on banks in multiple countries.
Tags
financial, swift, bank-heist, dprk
Primary source
securelist.com
Other BlueNoroff events
- 2023-11-01 Elastic Security Labs exposes KANDYKORN macOS intrusion at crypto exchange
- 2023-04-21 Jamf Threat Labs discloses RustBucket macOS malware tied to BlueNoroff
- 2022-04-18 CISA/FBI/Treasury joint advisory AA22-108A on TraderTraitor
- 2022-01-13 Kaspersky exposes SnatchCrypto campaign draining cryptocurrency startups