09 November 18, 12:53
(This post was last modified: 09 November 18, 12:53 by silversurfer.)
Quote:Symantec revealed that the Lazarus Group has been successful in its “FASTCash” operations by first targeting the banks' networks.
“The operation known as 'FASTCash' has enabled Lazarus, to fraudulently empty ATMs of cash. To make the fraudulent withdrawals, Lazarus first breaches targeted banks’ networks and compromises the switch application servers handling ATM transactions,” Symantec wrote in today’s blog post.
“Once these servers are compromised, previously unknown malware (Trojan.Fastcash) is deployed. This malware in turn intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs.”
By injecting a malicious Advanced Interactive eXecutive (AIX) executable into a legitimate process on the switch application of the network that handles ATM transactions, the attacker is able to monitor incoming messages and intercept fraudulent, attacker-generated transaction requests, preventing them from reaching the switch application.
Source: https://www.infosecurity-magazine.com/ne...gets-bank/
![[-]](https://www.geeks.fyi/images/collapse.png)
