A new report from a Russian online cyber security firm, Kaspersky, has observed that North Korean hackers are attacking banks in 18 countries, including Nigeria.
The organisation noted in its report that this could be regarded as the biggest bank heists in world history.
Banks and security researchers have previously identified four similar cyber-heists attempted on financial institutions in Bangladesh, Ecuador, the Philippines and Vietnam.
But researchers at Kaspersky now say the same hacking operation — known as “Lazarus” — also attacked financial institutions in Costa Rica, Ethiopia, Gabon, India, Indonesia, Iraq, Kenya, Malaysia, Nigeria, Poland, Taiwan, Thailand, and Uruguay.
This report is coming after more than a year-long investigation into the activity of “Lazarus”, the hacking group allegedly responsible for the theft of $81 million in US currency from the Central Bank of Bangladesh last year.
The suggestion that North Korea could have been behind the attack, or at least involved, has added to concerns that the pariah nation is becoming bolder in its cyber attacks against global financial institutions.
According to CNN, North Korea’s mysterious Lazarus hacking operation has been blamed for several large international cyber attacks in recent years. The hackers can be traced back to North Korea, according to Kaspersky researchers.To hide their location, hackers typically launch cyber attacks from computer servers far from home.
To hide their location, hackers typically launch cyber attacks from computer servers far from home.
According to Kaspersky, the Lazarus hackers carefully routed their signal through France, South Korea and Taiwan to set up that attack server. But there was apparently one mistake spotted by Kaspersky: A connection that briefly came from North Korea.
“North Korea is a very important part of this equation,” said Vitaly Kamluk, who leads Kaspersky’s Asia-Pacific research team.
The North Korean government has reportedly denied allegations of the hack.
Kaspersky Lab itself has said that despite the evidence of the North Korean IP address, that “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”