London - The hackers who attacked the websites of major financial institutions around the world belong to a criminal group that seeks to imitate Russian groups in order to confuse investigators.
Researchers at BAE Systems, the aerospace and security company, said they received and analyzed samples of the malware, which targeted 104 institutions and enterprises, most of them banks, in 31 countries.
Researchers found that the hackers intentionally used Russian words in their software to distract researchers from their real origins. They noted that the hackers used online translation tools, whose output lacks the correct meaning in Russian.
U.S. ADG News said that this inaccurate translation completely changed the meaning of words in some cases, asserting that the hackers were not Russian.
Researchers suggested that the hackers sought to confuse investigators and distract them from their real identity. The analysis showed that the hackers belonged to a network known as “Lazarus Group”, active since 2009. Lazarus targets institutions and state and civil companies from South Korea to the United States.
This gang has also been linked to an attack on Sony Pictures Entertainment’s internal network that leaked important data and damaged most of the company’s computers. At that time, U.S. intelligence agencies said North Korea was behind this malware.
Researchers say that Lazarus has been involved in a number of aggressive cyberattacks against financial institutions, including the theft of $81m from Bangladesh’s Central Bank.
In February, malware hit a number of banks in Poland in an attack in which hackers exploited gaps found in the website of the Polish financial regulator. Researchers from BAE Systems and Symantec linked February’s attacks with others that took place in October and targeted many websites of major banks in Mexico and Uruguay, with clear Lazarus footprints.
BAE Systems researchers said that many malware gangs specializing in bank hacking have been active in Russia, sneaking into networks to steal money, and that Lazarus has sought to imitate these Russian gangs to distract researchers in their investigations.
According to Wikipedia, the number of hackers working with Lazarus is unknown and its structure is also unclear. Experts said that this gang kicked off its activity in this field with a special operation to spy on the South Korean Government in 2009-2012.