McAfee released a report on March 8 stating that hackers from North Korea are suspected of being behind a recent cyber-attack on Turkey’s financial sector.
The McAfee Advanced Threat Research team identified an effort by the hacking group dubbed Hidden Cobra to breach the security of Turkish government-backed financial institutions between March 2 and March 3.
Although McAfee's report does not formally name groups or nation-states as culprits, it points out that the malware code in question closely resembles the code used by a hacker linked to North Korea.
The hackers used an improved malware called “Bankshot” that exploits a recently discovered vulnerability in Adobe Flash. The attackers attempted to lure their victims with spear-phishing emails that contained an infected Microsoft Word file called Agreement.docx.
The report also stated that the file appeared to be an agreement template for Bitcoin distribution between two parties: an unidentified individual in Paris and a to-be-determined cryptocurrency exchange.
Bankshot implants were distributed from a domain with a name similar to that of a cryptocurrency-lending platform known as Falcon Coin. However, the malicious domain falcancoin.io was reportedly created on December 27 last year, and it has no legitimate link to the original platform.
Even though there are no reports of stolen money in the cyber-attacks, the research team is confident that the campaign was intended to gain remote access to the internal systems of the targeted government-controlled financial organizations. The report does not, however, reveal which specific organizations were affected.
The McAfee team also uncovered two documents written in Korean that appeared to be part of the same hacking operation but were intended for different targets.
In December 2017, the United States government issued a warning about the Bankshot malware, linking it to Hidden Cobra, a hacker group that the U.S. Government considers to be malicious cyber-criminals working for the government of North Korea.
North Korea has repeatedly been blamed for hacking South Korean cryptocurrency exchanges, as the global regulations against the country have tightened over the past year.