Group IB fingers Lazarus as being behind recent SWIFT attacks

The ongoing whodunnit regarding cyberattacks on European financial firms through the SWIFT bank messaging services now has the Russian cybersecurity firm Group IB alleging that North Korea, through the Lazarus group, is behind the attacks.

In a new report, Group IB claims it has found that IP addresses used in the attacks and associated with the Lazarus group were located in the North Korean capital. While noting that deducing attribution purely from the malware's code does not always generate the best results, Group IB believes its evidence is strong enough to point the finger at Lazarus.

“Group-IB specialists have researched this group and now have evidence which identifies that North Korea is behind these attacks: We have detected and thoroughly analyzed multiple layers of C&C infrastructure used by Lazarus and have identified North Korean IP addresses from which the attacks were ultimately controlled,” the company stated in a blog.
