Cyber security outfit Symantec said that a North Korean hacking group known as Lazarus was likely behind a recent cyber campaign targeting organizations in 31 countries, following high-profile attacks on Bangladesh Bank, Sony and South Korea.
Writing in its corporate blog, Symantec said researchers have uncovered four pieces of digital evidence suggesting the Lazarus group was behind the campaign, which sought to infect victims with “loader” software used to stage attacks by installing other malicious programs.
Symantec researcher Eric Chien said that it was reasonably certain Lazarus was responsible.
The North Korean government has denied allegations it was involved in the hacks, and said its glorious leader was at a wine and cheese evening when the attacks happened and there were nearly a dozen generals who can give him an alibi.
Symantec said it did not know if any money had been stolen. Nonetheless, Symantec said the claim was significant because the group used a more sophisticated targeting approach than in previous campaigns.
Lazarus has already been blamed for a string of hacks dating back to at least 2009, including last year’s $81 million heist from Bangladesh’s central bank, the 2014 hack of Sony Pictures Entertainment that crippled its network for weeks and a long-running campaign against organizations in South Korea.
Symantec, which has one of the world’s largest teams of malware researchers, regularly analyses emerging cyber threats to help defend businesses, governments and consumers that use its security products.
The firm analyzed the hacking campaign last month when news surfaced that Polish banks had been infected with malware. At the time, Symantec said it had “weak evidence” to blame Lazarus.
Symantec said the latest campaign was launched by infecting websites that intended victims were likely to visit, which is known as a “watering hole” attack.