Kaspersky: Global network of hacked servers used in Bangladesh heist | Inquirer Business

By: - Business News Editor / @daxinq
/ 05:12 AM October 26, 2017

Russian cybersecurity firm Kaspersky Lab has uncovered compromised servers around the world, including many in the Asia-Pacific region, being used by the notorious cybercrime group Lazarus for its hacking activities including last year’s $81-million heist on the Bangladeshi central bank.

In a press statement, Kaspersky Lab said these hacked servers were part of the group’s global command and control infrastructure and were found in Indonesia, India, Bangladesh, Malaysia, Vietnam, South Korea, Taiwan and Thailand, among others.

These hacked servers “could be used by Lazarus to launch targeted attacks against a company or organization,” the firm said, adding that “the Korean language group is thought to be state-sponsored.”

The researchers discovered the servers had been infected using malware called “Manuscrypt,” which the hackers had been using since 2013. The malware was installed by exploiting a vulnerability in Microsoft Internet Information Services 6.0 that was patched by Microsoft in June 2017.

“Many servers worldwide remain at risk of this exploit,” Kaspersky Lab said. “Three of the top five countries that still have servers carrying this vulnerability are in the Asia-Pacific region: China (with 7,848 servers), India (1,524) and Hong Kong (1,102).”

“The US tops the list with the most vulnerable servers (11,949), while United Kingdom ranks fifth with 805,” it added.

Successful exploits allow the malware to hand control of the compromised host to the attacker and easily implant additional malware on the server. Kaspersky Lab researchers have also found several tools on the servers, including an information harvester. Using this information gathering tool, the attacker can then steal information from the victim’s own infrastructure.

Apart from the Bangladesh bank heist, Lazarus is also believed to be behind the 2014 hacking of Sony Pictures and the recent WannaCry ransomware epidemic.

“Companies are increasingly worried about being hit by advanced targeted attack groups like Lazarus,” Kaspersky Lab senior security researcher Park Seongsu said. “Unknown to them, their own corporate servers could be infected and manipulated by the hackers against them, or used to launch attacks on others.”

Park predicts that with these incidents targeting enterprise networks, IT security priorities and processes will need to adapt as customers will require technology that is combined with intelligence and expertise, to protect them from both known and unknown threats.

TAGS: Bangladeshi central bank, cybercrime, cybersecurity, Kaspersky Lab, Lazarus
