North Korean Hackers Used Crypto Disguise to Attack Turkey
March 11, 2018
The McAfee Advanced Threat Research published a report, stating that some hackers attacked several organizations of Turkey's financial sector. According to the report, the style of attacks allows to suggest that these hackers are originating from North Korea, because the code of the malware looks similar to the one, that was used by North Korean hackers in previous attacks.
The malware, used in the attack on Turkey, is the modified version of Bankshot that exploits a vulnerability in Adobe Flash. Attackers tried to lure employees of Turkish financial institutions with fake letters, containing an infected file. The file was called Agreement.docx and it appeared to be an agreement between an anonymous Paris-based individual and yet to be determined cryptocurrency exchange on the distribution of bitcoin.
Researchers also found two other documents, written in Korean. The say that these docs appear to be from the same hacking campaign, although the target has not been determined.
The report states that no money was stolen in these attacks on Turkish financial sector, but researchers suggest that hackers tried to get the remote access to internal systems of financial organizations of Turkey. The report does not disclose any specific institutions, that were subjects to these attacks.
North Korean hackers are infamous for their attacks on South Korean cryptocurrency exchanges. It was first reported in December 2017, that hackers from North Korea