Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security IT Technology

North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview (zdnet.com) 44

A Skype call and a gullible employee was all it took for North Korean hackers to infiltrate the computer network of Redbanc, the company that interconnects the ATM infrastructure of all Chilean banks. From a report: Prime suspects behind the hack are a hacker group known as Lazarus Group (or Hidden Cobra), known to have associations to the Pyongyang regime, is one of the most active and dangerous hacking groups around, and known to have targeted banks, financial institutions, and cryptocurrency exchanges in the past years. Lazarus' most recent attack took place at the end of December last year but only came to the public's attention after Chilean Senator Felipe Harboe called out Redbanc on Twitter last week for not disclosing its security breach. The company, which has direct lines into the networks of all Chilean banks, formally admitted to the hack a day later in a message posted on its website, but that announcement didn't include any details about the intrusion. However, a day after Redbanc's admission, an investigation conducted by Chilean tech news site trendTIC revealed that the financial firm was the victim of a serious cyber-attack, and not something that could be easily dismissed. According to reporters, the source of the hack was identified as a LinkedIn ad for a developer position at another company to which one of the Redbanc employees applied.
This discussion has been archived. No new comments can be posted.

North Korean Hackers Infiltrate Chile's ATM Network After Skype Job Interview

Comments Filter:
  • by lazarus ( 2879 ) on Thursday January 17, 2019 @11:59AM (#57977664) Journal

    Just for the record, I had nothing to do with this.

  • For the Record (Score:2, Interesting)

    by Anonymous Coward

    It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?

    • It's not "after a skype interview", but rather "after the user opened a malicious executable which compromised the system". How is this newsworthy again?

      Clickbait for Nerds.

  • That was sarcasm, in case anybody didn't get it...
  • Misleading title... (Score:5, Informative)

    by Fuzi719 ( 1107665 ) on Thursday January 17, 2019 @12:10PM (#57977712)
    The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.
    • The title makes it seem as if Skype was the infection vector, but reading the article will tell you it wasn't. The problem, as usual, is stupid people doing stupid things, "during this interview [the Skype call], the Redbanc employee was asked to download, install, and run a file named ApplicationPDF.exe, a program that would help with the recruitment process and generate a standard application form." Yes, Skype is a mess, but it didn't infect the computer system.

      I think that's even less interesting than what I had imagined, which was the Redbanc employee leaving screen sharing turned on and allowing the other person to see something like login credentials that they could use to gain access.

    • by AHuxley ( 892839 )
      The ".exe" is the big US brand hint.
      Its the junk US consumer OS that allows NK in.

      Doing interviews with random strangers?
      Ensure the interview system is fully isolated and used only for that interview.
  • by Anonymous Coward

    North Korea has nothing to gain by doing flippant things like this at this point in time when they're trying to reconcile with the world. This is just malicious attribution most likely carried out by the U.S. to continue throwing wrenches into the work as always.

    Also, what could they possibly gain by doing this? Plop out money at some cash dispenser and then send an agent to collect the "booty" and bring it back home? As usual, a "report" with no sense to it.

    • by ShanghaiBill ( 739463 ) on Thursday January 17, 2019 @12:52PM (#57977890)

      North Korea has nothing to gain by doing flippant things like this

      Actually, they do gain. If NK behaved like a "normal" country, they would be treated like one. But by regularly engaging in batshit insane behavior, they lower expectations so much that when we sit down to negotiate with them, we are happy to accept any outcome that is even halfway sane, even they though have a long pattern of not keeping their word.

      The Kim family regime has controlled NK for more than 70 years. Even longer than the Castro family has controlled Cuba. Their strategy of egregious behavior has worked well for them.

  • by jellomizer ( 103300 ) on Thursday January 17, 2019 @12:18PM (#57977742)

    I read the title, and I was thinking of Chilie's Bar and Grill, (a somewhat popular food chain in the US). I was picturing some early 20 something store manager, just getting tricked by this guy. Then I read a little further realize it was the country.

    • Re: (Score:2, Offtopic)

      I read the title, and I was thinking of Chilie's Bar and Grill

      Here is a quick guide:

      Chile: The country
      Chili: The name of the bar & grill
      Chilie: (What your wrote) Not an actual word

      • This is Chili's Grill & Bar, an American restaurant chain.

        This is Chile, a beautiful country located in South America. Have you ever heard of the writer Isabel Allende? She comes from Chile!

        I am a bot, and this action was performed automatically. Please contact the moderators of this subreddit if you have any questions or concerns.

  • "known to have associations to the Pyongyang regime" Seriously? If they are operating out of North Korea they are just stooges for that Joffrey wannabe. Get it straight. There is no Pyongyang regime. There is no North Korean government. It's just that piece of slime. Every news report or article that says something like "the North Korean government did or said thus and so" should get the publisher slapped silly. They know his name.
  • Just reading the headline, I was thinking if N. Koreans can bypass your security, you're a piece of red meat in the jungle filled with hungry amateur hackers.
  • by cwsumner ( 1303261 ) on Thursday January 17, 2019 @02:07PM (#57978228)

    It was "EggShell" security, a hard perimiter with no protection once it cracks. Any breach and -everything- is lost.

    I am not sure that it counts as any security at all, these days...

  • “The dropper used to deliver the malware is related to the PowerRatankba, a Microsoft Visual C#/ Basic .NET (v4.0.30319)-compiled executable” ref [securityaffairs.co]

    .. insert one of China/Russia/Iran/NORK/Venezuela ..or who ever else the deepstate is trying to pick a fight with ..

"An idealist is one who, on noticing that a rose smells better than a cabbage, concludes that it will also make better soup." - H.L. Mencken

Working...