North Korea-linked Lazarus group carried out hack on Taiwanese bank


A hack on Taiwan’s Far Eastern Bank was carried out by the Lazarus group, which is said to have ties to North Korea, according to security firm BAE Systems. The group tried to steal $60 million, according to local sources, but ended up getting only a fraction of that.

In an analysis of the incident, the security company writes that it has obtained the malware used in the attack. This includes tools previously used by Lazarus. The researchers also found a ransomware variant called Hermes. They say it was most likely used to distract the bank’s security officers while the attack was being carried out. According to a timeline published by BAE Systems, this occurred at the beginning of this month. Several SWIFT transactions are said to have been carried out.

The researchers found malware previously used in attacks on financial institutions in Poland and Mexico. Among it is a backdoor that contains several Russian commands. However, in a previous analysis, the company concluded that the malware was not written by a native Russian speaker and that words had been translated literally. The operation is therefore thought to be a so-called false flag, in which attention is drawn to other parties.

Reuters reports, citing local sources, that the attackers attempted to steal $60 million, but that the bank was ultimately able to recover the money except for half a million dollars. Various security companies have linked the Lazarus group with, among others, the hack on the central bank of Bangladesh and WannaCry.
