MAS Warns of Phishing Emails, North Korean APT Groups Steal Money from Financial Institutions
The US authorities and cybersecurity vendor FireEye published separate reports about North Korean APT groups that have been pilfering money from banking institutions around the world. The US authorities highlighted the Hidden Cobra APT group’s ATM cash-out scheme dubbed FASTCash, which has targeted banks in Africa and Asia and pilfered tens of millions of dollars. In a FASTCash scheme, the attackers remotely compromise payment switch application servers within banks to facilitate fraudulent transactions. They configure and deploy legitimate scripts on the compromised switch application servers to intercept financial request messages and reply to them with fraudulent but legitimate-looking affirmative response messages. All the compromised switch application servers were running unsupported IBM Advanced Interactive eXecutive (AIX) operating system versions.
In addition, FireEye introduced another APT group dubbed APT38, which shares certain similarities with Hidden Cobra and APT37 but differs in its targets and its tactics, techniques, and procedures. Since at least 2014, APT38 has carried out attacks on more than 16 organisations across at least 13 countries, attempting to pilfer more than US$1.1 billion from financial institutions. It is known to conduct lengthy planning and stay in a victim environment for as long as necessary to understand the network layout, required permissions, system technologies, and so on. The APT group is also known to use custom-developed tools that destroy evidence or victim networks after an attack.
 MAS issues warning on fraudulent e-mails
 HIDDEN COBRA – FASTCash Campaign
 APT38: Details on New North Korean Regime-Backed Threat Group