FASTCash

By GoldSparrow in Malware

It would seem that the infamous Lazarus hacking group is back in the news. These particularly skilled cybercrooks also go by the name Hidden Cobra and are classed as an APT (advanced persistent threat) group. They have been wreaking havoc globally for years now. Their longest-running project is a continuing series of campaigns targeting ATMs all around the world. Lazarus is believed to originate from North Korea and is the group behind the huge Sony Corporation breach back in 2014.

What have they done this time? They created FASTCash. This is a tool that allows them to breach a bank server and alter the settings of an ATM, which lets Lazarus manipulate its behavior for their own benefit. This latest attack is concentrated primarily in Africa and Asia, but there is no guarantee that the cybercriminals will not launch the same operation elsewhere.

As always, Lazarus has outdone itself. The complex multi-stage attacks are executed flawlessly. The first goal is to identify which servers handle the ATM transactions, which means that Lazarus first has to infiltrate the bank network. When this step is completed, the hacker group deploys the FASTCash Trojan on those servers. The purpose of FASTCash is to recognize when the attackers are making a withdrawal request and to approve it every time.
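One way a bank could detect the behavior described above, as an added example that is not part of the original article: reconcile every approval the ATM transaction server sent out against the issuer's own authorization decisions. The log layout, field names and sample records are constructed for illustration, and the check assumes the issuer's records are kept on a system separate from the compromised server.

```python
from collections import Counter, namedtuple

# Field names and log layout are assumptions made for this example.
Txn = namedtuple("Txn", "trace_id card_suffix amount approved")

# Constructed sample: responses the transaction server sent back to ATMs.
SWITCH_LOG = [
    Txn("T1", "1111", 100, True),
    Txn("T2", "4242", 500, True),
    Txn("T3", "4242", 500, True),
    Txn("T4", "4242", 500, True),
    Txn("T5", "2222", 50, False),
]
# Constructed sample: decisions recorded independently by the issuer's core system.
ISSUER_LOG = [
    Txn("T1", "1111", 100, True),
    Txn("T2", "4242", 500, False),
    Txn("T4", "4242", 300, True),
    Txn("T5", "2222", 50, False),
]

def unbacked_approvals(switch_log, issuer_log):
    """Return switch approvals that the issuer did not approve as sent."""
    issuer = {d.trace_id: d for d in issuer_log}
    findings = []
    for resp in switch_log:
        if not resp.approved:
            continue  # declines dispense no cash
        decision = issuer.get(resp.trace_id)
        if decision is None:
            reason = "no issuer record"
        elif not decision.approved:
            reason = "issuer declined"
        elif (decision.card_suffix, decision.amount) != (resp.card_suffix, resp.amount):
            reason = "card or amount mismatch"
        else:
            continue  # approval is backed by the issuer
        findings.append((resp.trace_id, resp.card_suffix, resp.amount, reason))
    return findings

def cards_to_review(findings, threshold=2):
    """Cards with repeated unbacked approvals, the pattern of an always-approve Trojan."""
    counts = Counter(card for _, card, _, _ in findings)
    return sorted(card for card, n in counts.items() if n >= threshold)

if __name__ == "__main__":
    hits = unbacked_approvals(SWITCH_LOG, ISSUER_LOG)
    for hit in hits:
        print(hit)
    print("review:", cards_to_review(hits))
```

Any finding means cash was dispensed without a matching issuer decision, which is worth investigating even when only a single transaction is affected.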

Lazarus usually goes big, and the operations involving FASTCash have been just that. It is speculated that the hacking group has acquired over ten million dollars by emptying ATMs in tens upon tens of countries in 2017 and 2018. Banks, governments, and other institutions need to step up their game because players like Lazarus are constantly developing new ways to conduct their shady schemes.
