Microsoft: State-Sponsored Hackers Siphoned Money From Several FIs


Microsoft’s latest cybersecurity report has revealed that state-sponsored hackers have attacked several financial services firms, managing to steal “large sums of cash.”

According to Bloomberg, the cybersecurity report leaves out sensitive details of the attacks, including identifying which government sponsored them or which financial services firms were targeted.

The tech giant, which first became aware of the hacks when its experts assisted victims of the breach, revealed that cybercriminals were able to gain administrative access to computers by infecting them with a “highly targeted, obfuscated backdoor implant,” possibly via a spear-phishing email, and then sent cash to foreign accounts. In some cases, the attacks weren’t found for more than 100 days. After the breach was discovered, malware on the systems was released, halting operations.

Cybersecurity firm FireEye described similar attacks in a report about five months ago, revealing that a North Korean hacking group accessed more than 16 firms in 11 countries, stealing more than $100 million. North Korean diplomats denied that the country was responsible. A Microsoft spokesman wouldn’t comment on whether the breaches were related.

North Korea has been accused of a slew of hacks in recent years, most notably the WannaCry computer virus, which infected more than 230,000 computers in over 150 countries in 2017. The U.S. even formally named the country as responsible for the attack, which affected critical sectors, including health care, “potentially putting lives at risk,” said an official.

“We do not make this allegation lightly. It is based on evidence,” wrote U.S. homeland security adviser Tom Bossert at the time. “We are not alone with our findings, either. Other governments and private companies agree. The United Kingdom attributes the attack to North Korea, and Microsoft traced the attack to cyber affiliates of the North Korean government.”

The country also reportedly was responsible for numerous attacks on cryptocurrency exchanges that resulted in the theft of $6.99 million worth of tokens in 2017. And most recently it was accused of stealing the information of close to 1,000 North Korean settlers who fled to South Korea.