Lazarus hackers compromise Chile's ATM network through LinkedIn job advert

The hack was facilitated by a fake job interview via the business-orientated social network

Person entering their PIN number into an ATM machine

Chile's ATM network has been compromised by what is believed to be Lazarus, the cybercrime outfit oft-thought to have links to North Korea.

The attack was facilitated by a Redbanc employee who fell for a phishing scam following a job application. Redbanc is the company that manages the interconnecting infrastructure for all of Chile's ATMs.

Advertisement - Article continues below

The employee applied for a job via LinkedIn and then the hiring company, believed to be Lazarus, set up a fake interview with the applicant in Spanish, according to trendTIC.

The applicant was then told to download and install a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form.

Instead, this application was a form of malware known as PowerRatankba, a strain previously linked to Lazarus Group, according to Vitali Kremez, director of research at Flashpoint, in an analysis of the executable.

The malware collected information about the employee's computer and sent it back to a remote server so when the attackers realised they had caught a big fish, they could release a PowerShell script in a second stage payload. The computer then acted as an entry point for the attackers to compromise the Redbanc infrastructure.

Advertisement
Advertisement - Article continues below

The attack happened in late December 2018 but has only recently been reported for the first time.

Chilean Senator Felipe Harboe slammed Redbanc for failing to disclose the hack sooner, the company did just that the following day.

The Lazarus hackers are known for their prolific hacks on banks and cryptocurrency exchanges and have remained anonymous and active for some years.

Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Recommended

Visit/security/cyber-security/355267/zoom-hires-ex-facebook-cso-to-boost-platform-security
cyber security

Zoom hires ex-Facebook CSO Alex Stamos to boost platform security

8 Apr 2020
Visit/security/vulnerability/355236/hp-support-assistant-flaws-leave-windows-devices-open-to-attack
vulnerability

HP Support Assistant flaws leave Windows devices open to attack

6 Apr 2020
Visit/security/cyber-security/355234/safari-bug-let-hackers-access-cameras-on-iphones-and-macs
cyber security

Safari bug let hackers access cameras on iPhones and Macs

6 Apr 2020
Visit/software/video-conferencing/355229/zoom-we-moved-too-fast
video conferencing

Zoom CEO admits company "moved too fast" as privacy issues mount

6 Apr 2020

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020