Kaspersky has urged all organisations to carefully scan their networks for the presence of Lazarus malware samples and, if detected, to disinfect their systems and report the intrusion to law enforcement and incident response teams.
The warning followed the results of Kaspersky's more-than-year-long investigation into the activity of Lazarus – a notorious group of hackers allegedly responsible for the theft of 81 million dollars from the Central Bank of Bangladesh in 2016.
A report from an investigation carried out by Kaspersky Lab found that, from December 2015, malware samples relating to Lazarus group activity appeared in financial institutions, casinos, software developers for investment companies and crypto-currency businesses from various countries, with five from Africa.
The countries where the malware samples were detected included Kenya, Ethiopia, Nigeria, Gabon, Uruguay, Korea, Bangladesh, India, Vietnam, Indonesia, Costa Rica, Malaysia, Poland, Iraq and Thailand, among others.
The Lazarus group invests heavily in new variants of its malware. For months the group tried to create a malicious toolset that would be invisible to security solutions, but every time it did so, Kaspersky Lab's specialists managed to identify unique features in how the group writes its code, allowing Kaspersky Lab to keep tracking the new samples. Now the attackers have gone relatively quiet, which probably means that they have paused to rework their arsenal.