A North Korean-linked hacking group increasingly is carrying out financially motivated attacks, suggesting that cyber heists are now one of its main activities in cyberspace, according to a new Symantec report.
The global cyber firm said in a Thursday blog post that the Lazarus Group is a danger to the banking sector after it carried out a series of "FASTCash" attacks, including targeting ATMs in dozens of countries since at least 2016.
"The recent wave of FASTCash attacks demonstrates that financially motivated attacks are not simply a passing interest for the Lazarus Group and can now be considered one of its core activities," the blog post reads.
After initially gaining unauthorized access into a bank's networks, the hackers will compromise the servers handling ATM transactions, according to Symantec. After that, the Lazarus Group unleashes previously unknown malware the firm has identified as Trojan.Fastcash, which allows the attacks to send fake approval responses to the ATM machines as they make off with cash.
"Lazarus continues to pose a serious threat to the banking sector and organizations should take all necessary steps to ensure that their payment systems are fully secured," the blog post reads.
Federal agencies, including the FBI and Department of Homeland Security, issued an alert last month warning that Hidden Cobra — another name for the hacking group — was conducting such attacks.
The Lazarus Group, which is considered to be both active and sophisticated, has carried out a series of high-profile cyberattacks, including cyber espionage operations.
U.S. authorities blamed Lazarus Group for the 2014 cyberattack that devastated Sony Pictures Entertainment, costing the studio millions of dollars and smearing its reputation in a high-profile hack.
The entertainment company stoked anger within the North Korean government over its production of “The Interview,” a controversial comedy in which two American men attempted to kill North Korean leader Kim Jong Un.
Lazarus Group is also believed to be behind the WannaCry attacks that caused major disruptions and affected institutions across the globe.