Russian Company Pins European Bank Attacks on North Korea

Group-IB’s Findings Add to Growing Body of Circumstantial Evidence

Russian threat intelligence firm Group-IB alleges that North Korea is behind recent attacks against financial institutions in Europe employing fraudulent SWIFT messages. But other experts caution that such conclusions shouldn’t be made solely based on technical data.

Moscow-based Group-IB, which advises financial institutions on cybercrime activity, says it investigated attacks executed early this year by the Lazarus hacking group, which is suspected of having links to the Pyongyang-based regime in North Korea.

Group-IB says it “collected a broad range of data, both technical and strategic, which places clear attribution on North Korea,” according to a 53-page report, released Tuesday. The same day, Group-IB described details of many of its findings in a blog post.

The computer security company Symantec has done extensive research into the Lazarus group, although it is cautious about attributing attacks to nations or individuals. Vikram Thakur, a technical director at Symantec who reviewed Group-IB’s findings, says IP addresses – referenced by Group-IB in its assessment – serve as “very weak” signals for attribution.

Continue reading…