
Malware authors camouflage code with Russian terms


steven36


Lazarus group thought to be behind attack code.

 

Malware authors are attempting to hide behind Russia's reputation as a digital crime centre to throw investigators off their scent, a security firm has found.

Low-level analysis of the malware used by the Lazarus group to attack Polish financial institutions has unearthed several Russian words in the application's components. 

 

However, BAE Systems threat research analysts Sergei Shevchenko and Adrian Nish believe the Russian language used in the malware is "most likely the result of an online translation" and not the work of a native speaker.

 

The analysts found multiple examples of inconsistencies and basic errors in the Russian terms used in the malware, and believe it was used to spoof the malware's country of origin.

 


 

 

Rather than Russian cyber criminals, the security vendor's analysis hinted the malware could be deployed by the Lazarus group, which has been active for the past seven to eight years.

The Lazarus group is suspected of being behind several destructive attacks against high-profile targets such as Sony Pictures Entertainment in 2014 and companies in the United States and South Korea.

 

More recently, security vendor Symantec linked the Lazarus group to the US$81 million (A$105.5 million) heist on the Bangladesh Central Bank in 2016, in which malware was deployed to take over computers that transferred money over the global SWIFT payments network.

 

 

The identities of those in the Lazarus group are unknown.

 

By Juha Saarinen

https://www.itnews.com.au/news/malware-authors-camouflage-code-with-russian-terms-452012

 


The good news is groups like this will find it harder to hide.  We have deployed 30 CyberTeams and have 11 more being readied to be deployed this year.  These are offensive/defensive CyberTeams.  This is just a small portion of the total number of teams that are being deployed throughout the US as part of the CyberWar campaign.



Archived

This topic is now archived and is closed to further replies.
