Lazarus, the North Korea-linked hacking group that was behind the notorious WannaCry attack, managed to steal tens of millions of dollars from ATMs in Asia and Africa, according to a report from security firm Symantec. The hackers deployed malware called Trojan.FastCash and infected thousands of servers that communicate with ATMs. The group then used that access to approve its own fraudulent transactions and withdraw money from the machines.
The FastCash scheme has been going on for years. According to Homeland Security’s Computer Emergency Readiness Team (US-CERT), which issued a warning about the attack last month, the trojan has been active since 2016 and has been used in a number of widespread campaigns. In 2017, the hackers used FastCash to simultaneously withdraw money from ATMs in 30 different countries. Another hit earlier this year drained cash across 23 countries. In most cases, the group hit banking servers running out-of-date operating systems, meaning the exploit may have been patched in more recent versions of the software.
The ATM hacks are just Lazarus’ latest high-profile attack. The group, which is believed to have ties to the North Korean government, has been behind a number of noteworthy hacks. Lazarus carried out the 2014 attack on Sony Pictures that led to the leak of The Interview and a significant number of private documents and emails. The group was also behind an $81 million theft from Bangladesh Bank in 2016 and last year’s WannaCry ransomware outbreak, which infected hundreds of thousands of machines around the world.