More than 100 organizations in 31 different countries have fallen victim to watering hole attacks set up by online miscreants in an effort to infect the companies with malware, according to a blog post by Symantec. Experts believe the attacks have been taking place since October 2016.
The threat was uncovered after a bank in Poland discovered the malware on its computers. After the bank shared the indicators of compromise with other banks, those institutions confirmed that they too had been compromised.
“As reported, the source of the attack appears to have been the website of the Polish financial regulator,” Symantec wrote in its blog post. “The attackers compromised the website to redirect visitors to an exploit kit which attempted to install malware on selected targets.”
Characteristics of the malware used in the attack, dubbed Ratankba, are believed to be shared with other malware previously associated with the Lazarus hacking group – which was linked to a “string of aggressive attacks since 2009” aimed at targets in the U.S. and South Korea.