North Korea-linked hackers target Ethiopian banks
Kaspersky Lab, a Russian multinational cyber security and anti-virus provider, listed Ethiopian banks among those that are under cyber-attacks by a North Korean-linked hackers group a.k.a. Lazarus hackers.
A new research by the company indicates that a series of hacking operation by Lazarus is targeting financial institutions in 18 countries around the world. The research stated that Ethiopia, Kenya, Gabon and Nigeria are the only African countries that are affected by the attack.
The latest attacks known to Kaspersky Lab were detected in March 2017, showing that attackers have no intention of stopping, read the press release issued by the company. Established in 1997 by Eugene Kaspersky, who is now the CEO the company, Kaspersky has collect total revenue of 619 million dollars in 2015.
Just three weeks ago, six employees of Bank of Abyssinia (BoA) were arrested in connection to swift account theft of the bank. The individuals were allegedly accused of involving in a 1.2 million dollars unauthorized transaction by the bank.
The theft attempt was made through instructions sent to Citi Bank, New York, and Commerzbank AG, which is based in Frankfurt, Germany, ordering the two banks to withdraw 1.2 million dollars from BoA’s account.
From the total amount, 745,000 dollars from Citi Bank, New York, and 465,000 dollars from Commerzbank AG, Frankfurt, was targeted.
According to sources, the instruction was made though the Bank’s CORE banking which sent instruction to a SWIFT account.
By the time the money from Citi Bank was being withdrawn, the bank has managed to stop the remaining amount. The theft was noticed upon Commerz’s intervention.
The Citi Bank is trying to re-collect the 600,000 dollars; Aschalew Tamiru, marketing communications and operation manager at BoA told The Reporter three weeks ago. He also said his bank has managed to recover 189,000 dollars of the money lost form Citi Bank.
Aschalew was not available for comment on the recent development of the case despite repeated attempts made by The Reporter.
This might also be a result of collusion between staff members and outside parties, a Banker, who specializes in international banking, told The Reporter three weeks ago.
“We have seen several victims compromised with large set of Lazarus malware tools,” Olga Bezpyatkina, Corporate Communications Manager at Kaspersky, told The Reporter in an email response yesterday.
“We think those infections were quite serious and could indicate a preparation for a major theft of money,” Bezpyatkina said.
Similar attacks on a bank’s correspondent account were made from Russian central bank. The attempt targeted 45 million dollars.
Again in the same year Bangladesh Bank was also targeted. The attackers used malware that allowed them to hack into SWIFT software and stole 81 million dollars.
The same report by Kaspersky linked the hackers to North Korean government. A number of cyber attacks are attributed to the group including the notable 2014 attack on Sony Pictures. The group is also said to be behind a number of cyber espionage campaign which targets South Korean government.
The most recent attack attributed to the group is recent 2016 bank heists, which included an attack on a Bangladesh bank, successfully stealing USD 81 million.
“I know there is a project jointly run by the National Bank of Ethiopia, Information Network Security Agency (INSA), Ethiopian Bankers Association and Ethiopian Insurers Association,” a bank CEO told The Reporter.
The project aspires to develop ways of protecting financial institutions from similar attacks, the CEO said. Yet, the project is under discussion.
“We know about the report by Kaspersky but it is too early to comment on the matter,” an official from INSA told The Reporter.
Just last year, Commercial Bank of Ethiopia inaugurated its security center in a bid to mitigate cyber-attacks.
“We have seen several victims in Ethiopia; however, our attempts to start cooperation failed because unfortunately banks decided to not accept our help,” Bezpyatkina said.
“Lazarus is hunting for less protected financial institutions, especially from developing countries, because they are the easiest prey for them,” Bezpyatkina said.