(Repeats with no changes in text)
By Jim Finkle
BOSTON, March 15 A North Korean hacking group
known as Lazarus was likely behind a recent cyber campaign
targeting organizations in 31 countries, following high-profile
attacks on Bangladesh Bank, Sony and South Korea, cyber security
firm Symantec Corp said on Wednesday.
Symantec said in a blog that researchers have
uncovered four pieces of digital evidence suggesting the Lazarus
group was behind the campaign that sought to infect victims with
"loader" software used to stage attacks by installing other
"We are reasonably certain" Lazarus was responsible,
Symantec researcher Eric Chien said in an interview.
The North Korean government has denied allegations it was
involved in the hacks, which were made by officials in
Washington and Seoul, as well as security firms.
U.S. Federal Bureau of Investigation representatives could
not immediately be reached for comment.
Symantec did not identify targeted organizations and said it
did not know if any money had been stolen. Nonetheless, Symantec
said the claim was significant because the group used a more
sophisticated targeting approach than in previous campaigns.
"This represents a significant escalation of the threat,"
said Dan Guido, chief executive of Trail of Bits, which does
consulting to banks and the U.S. government.
Lazarus has already been blamed for a string of hacks dating
back to at least 2009, including last year's $81 million heist
from Bangladesh's central bank, the 2014 hack of Sony Pictures
Entertainment that crippled its network for weeks and a
long-running campaign against organizations in South Korea.
Guido, who reviewed Symantec's finding, said that it was
troubling to see a hacking group focus on attacking banks using
increasingly sophisticated techniques.
"This is a dangerous development," he said.
Symantec, which has one of the world's largest teams of
malware researchers, regularly analyzes emerging cyber threats
to help can defend businesses, governments and consumers that
use its security products.
The firm analyzed the hacking campaign last month when news
surfaced that Polish banks had been infected with malware. At
the time, Symantec said it had "weak evidence" to blame Lazarus.
Reuters has been unable to ascertain what happened in that
attack. Poland’s biggest bank lobbying group, ZBP, in February
said the sector was targeted in a cyber attack, but did not
provide further details. Government authorities declined comment
on the incident.
Authorities in Poland could not be reached for comment late
Symantec said the latest campaign was launched by infecting
websites that intended victims were likely to visit, which is
known as a "watering hole" attack.
The malware was programmed to only infect visitors whose IP
address showed they were from 104 specific organizations in 31
countries, according to Symantec. The largest number were in
Poland, followed by the United States, Mexico, Brazil and Chile.
(Reporting by Jim Finkle; Additional reporting by Pawel
Florkiewicz in Warsaw; Editing by David Gregorio)