Malware attacks on Polish banks in recent weeks may be part of a much wider campaign by cybercriminals targeting more than 30 countries.

Researchers from Symantec and BAE Systems have linked the malware used in the Polish attack to other, similar attacks that have taken place since last year in a number of other countries. Similarities between the tools and methodologies used point the finger at cybercriminal group Lazarus.

The group used a “watering hole” attack to inject code into target websites and redirect users to a custom exploit kit. The same code found on the website of the Polish Supervision Authority, the source of the Poland attacks, was discovered on the websites of the Mexican National Banking and Stock Commission and Uruguayan state-owned bank Banco de la Republica Oriental de Uruguay.

“These IP addresses belong to 104 different organizations located in 31 different countries,” researchers from Symantec write in a blog post. “The vast majority of these organizations are banks, with a small number of telecoms and internet firms also on the list.”

The Lazarus group has been operating since 2009 and mainly targets the US and South Korea. The group is suspected of being involved in the theft of $81 million from the central bank of Bangladesh last year.

by Alex Hamilton
Alex is Senior Reporter at IBS Intelligence, follow him on Twitter or contact him at: alexanderh@ibsintelligence.com