On Monday (April 3), Kaspersky Lab revealed a link between North Korea and the multimillion-dollar cyberattack that rocked Bangladesh’s central bank and the financial industry as a whole last year.
The cybersecurity firm’s researchers uncovered digital records showing that a European server used to launch the attack exchanged data with a computer connected to North Korea’s state-owned internet service provider, the Wall Street Journal reported.
It’s believed that the hacking group Lazarus was behind the attack on Bangladesh’s central bank, and now the discovery of this digital clue could prove that the group has ties to North Korea — a theory that many security researchers have harbored since the 2014 cyberattack on Sony Pictures.
According to Kaspersky, the evidence actually came about from a technical error by the Lazarus hackers. The group failed to remove the computer log files on a server it used, leaving digital records that exposed its connection to another computer in North Korea.
Vitaly Kamluk, a researcher with Kaspersky, told WSJ that North Korea has “very little presence on the internet, and the chances that this is just a random connection are extremely small.”
“It does place North Korea into this equation,” he added.
Kaspersky Lab researchers were able to reconstruct how the group carries out an attack, in the following steps: initial compromise, foothold established, internal reconnaissance, and then deliver and steal.
Though the Lazarus group has been relatively quiet in recent months, the industry has been instructed to remain on high alert.