The on-going whodunnit regarding cyberattacks on European financial firms through the SWIFT bank messaging services now has the Russian cybersecurity firm Group IB alleging North Korea, through the Lazarus group, is behind the attacks.

In a new report Group IB claims it has found IP addresses uses with the attacks and associated with the Lazarus group were located in the North Korean capital and while noting deducing attribution purely from the malware's code does not always generate the best results, Group IB believes it's evidence doing so is strong enough to point the finger at Lazarus.

“Group-IB specialists have researched this group and now have evidence which identifies that North Korea is behind these attacks: We have detected and thoroughly analyzed multiple layers of C&C infrastructure used by Lazarus and have identified North Korean IP addresses from which the attacks were ultimately controlled,” the company stated in a blog.