www.zdnet.com
2a04:4e42:4c::666  Public Scan

URL: https://www.zdnet.com/article/north-korean-hackers-infiltrate-chiles-atm-network-after-skype-job-interview/
Submission: On September 30 via api from US — Scanned from DE

NORTH KOREAN HACKERS INFILTRATE CHILE'S ATM NETWORK AFTER SKYPE JOB INTERVIEW

Redbanc employee applied for a LinkedIn job and got a call from one of the
world's most active hacker crews.
Written by Catalin Cimpanu, Contributor on Jan. 15, 2019

A Skype call and a gullible employee were all it took for North Korean hackers
to infiltrate the computer network of Redbanc, the company that interconnects
the ATM infrastructure of all Chilean banks.

The prime suspect behind the hack is Lazarus Group (also known as Hidden
Cobra), a hacker group with known associations to the Pyongyang regime. It is
one of the most active and dangerous hacking groups around and is known to have
targeted banks, financial institutions, and cryptocurrency exchanges in the past
years.



Lazarus' most recent attack took place at the end of December last year but only
came to the public's attention after Chilean Senator Felipe Harboe called out
Redbanc on Twitter last week for not disclosing its security breach.



The company, which has direct lines into the networks of all Chilean banks,
formally admitted to the hack a day later in a message posted on its website,
but that announcement didn't include any details about the intrusion.

However, a day after Redbanc's admission, an investigation conducted by Chilean
tech news site trendTIC revealed that the financial firm was the victim of a
serious cyber-attack, and not something that could be easily dismissed.

According to reporters, the source of the hack was identified as a LinkedIn ad
for a developer position at another company to which one of the Redbanc
employees applied.



The hiring company, believed to be a front for the Lazarus Group operators, who
realized they had baited a big fish, approached the Redbanc employee for an
interview, which they conducted in Spanish via a Skype call.

trendTIC reports that during this interview, the Redbanc employee was asked to
download, install, and run a file named ApplicationPDF.exe, a program that would
help with the recruitment process and generate a standard application form.




Image: Flashpoint

But according to an analysis of this executable by Vitali Kremez, Director of
Research at Flashpoint, the file downloaded and installed PowerRatankba, a
malware strain that a Proofpoint report published in December 2017 had
previously linked to Lazarus Group hacks.

The malware, Kremez said, collected information about the Redbanc employee's
work PC and sent it back to a remote server. Collected information included the
PC's username, hardware and OS details, proxy settings, a list of current
processes, whether the infected host had open RPC and SMB file shares, and the
status of its RDP connection.



The collected information would have told the hackers what computer they had
infected and let them decide later whether to deliver a second-stage payload in
the form of a more intrusive PowerShell script.

The Redbanc incident is yet another example of how one worker clicking on the
wrong link or running the wrong file can result in a major security breach, and
how one hacked PC or laptop can lead to an entire network getting compromised.

Previously, according to an indictment by US authorities, Lazarus Group hackers
have been accused of attempting to steal money from Banco de Chile, a local
Chilean bank.
