Symantec Corporation said, in a blog post on Thursday, May 27, that the North Korean-linked hacker group has made its fourth attack to a Philippine bank.
Symantec Corporation, a cybersecurity company, said on Thursday that the group known as Lazarus had met its fourth victim in the form of a Philippine bank.
While Symantec did not name the Philippine bank or say whether any money was stolen, they said that malware was traced in October 2015, two months prior to the failed bank heist in Vietnam.
“Malware used by the group was also deployed in targeted attacks against a bank in the Philippines. In addition to this, some of the tools used share code similarities with malware used in historic attacks linked to a threat group known as Lazarus,” Symantec researchers had said in the blog post.
The Society for Worldwide Interbank Financial Telecommunication (SWIFT) has released warnings about ‘Lazarus’ wide-range campaign and said that hackers exploited vulnerabilities at two unnamed banks to gain access to their fund transfer systems, which then give instructions to the SWIFT network.
Central Bank of the Philippines Deputy Governor Nestor Espenilla told reporters that no bank in the country had lost money to hackers, although he did not rule out the possibility of cyberattacks.
“We are checking if there are similar attacks on Philippine banks,” Espenilla said. “However, no reported losses so far. It is one thing to be attacked. It is another to lose money.”
If the Symantec report is confirmed, the Philippines incident would represent the fourth known cyberattack against a bank involving fraudulent messages from the global financial interbank platform SWIFT since the beginning of last year and including the attack against Sony, which the US officials linked to North Korea.
“The discovery of more attacks provides further evidence that the group involved is conducting a wide campaign against financial targets in the region,” Symantec concluded.