Lazarus hackers compromise Chile's ATM network through LinkedIn job advert

The hack was facilitated by a fake job interview via the business-orientated social network

Person entering their PIN number into an ATM machine

Chile's ATM network has been compromised by what is believed to be Lazarus, the cybercrime outfit oft-thought to have links to North Korea.

The attack was facilitated by a Redbanc employee who fell for a phishing scam following a job application. Redbanc is the company that manages the interconnecting infrastructure for all of Chile's ATMs.

The employee applied for a job via LinkedIn and then the hiring company, believed to be Lazarus, set up a fake interview with the applicant in Spanish, according to trendTIC.

The applicant was then told to download and install a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Instead, this application was a form of malware known as PowerRatankba, a strain previously linked to Lazarus Group, according to Vitali Kremez, director of research at Flashpoint, in an analysis of the executable.

The malware collected information about the employee's computer and sent it back to a remote server so when the attackers realised they had caught a big fish, they could release a PowerShell script in a second stage payload. The computer then acted as an entry point for the attackers to compromise the Redbanc infrastructure.

The attack happened in late December 2018 but has only recently been reported for the first time.

Chilean Senator Felipe Harboe slammed Redbanc for failing to disclose the hack sooner, the company did just that the following day.

The Lazarus hackers are known for their prolific hacks on banks and cryptocurrency exchanges and have remained anonymous and active for some years.

Featured Resources

Digitally perfecting the supply chain

How new technologies are being leveraged to transform the manufacturing supply chain

Download now

Three keys to maximise application migration and modernisation success

Harness the benefits that modernised applications can offer

Download now

Your enterprise cloud solutions guide

Infrastructure designed to meet your company's IT needs for next-generation cloud applications

Download now

The 3 approaches of Breach and Attack Simulation technologies

A guide to the nuances of BAS, helping you stay one step ahead of cyber criminals

Download now
Advertisement

Recommended

Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/business-strategy/mergers-and-acquisitions/354602/xerox-to-nominate-directors-to-hps-board-reports
mergers and acquisitions

Xerox to nominate directors to HP's board – reports

22 Jan 2020
Visit/operating-systems/25802/17-windows-10-problems-and-how-to-fix-them
operating systems

17 Windows 10 problems - and how to fix them

13 Jan 2020
Visit/business-strategy/public-sector/354608/uk-gov-launches-ps300000-sen-edtech-initiative
public sector

UK gov launches £300,000 SEN EdTech initiative

22 Jan 2020
Visit/web-browser/30394/what-is-http-error-503-and-how-do-you-fix-it
web browser

What is HTTP error 503 and how do you fix it?

7 Jan 2020