North Korea-Linked Hackers Allegedly ‘Emptying Millions From ATMs’: Report


Daily Caller News Foundation logo
Gavin Hanson Contributor
Font Size:

The hacking group referred to as “Lazarus” by cybersecurity firms has allegedly been hacking into ATMs in Asia and Africa since at least 2016 to withdraw millions of dollars, according to a Thursday Symantec report.

Hackers reportedly used malware that “intercepts fraudulent Lazarus cash withdrawal requests and sends fake approval responses, allowing the attackers to steal cash from ATMs,” according to a report from Californian cybersecurity software company and producer of Norton Antivirus, Symantec. Using this ATM theft system, hackers are said to have fraudulently withdrawn tens of millions of dollars, by Symantec’s estimation, through “FASTCash attacks.”

Lazarus is a hacking group “involved in both cyber crime and espionage,” according to Symantec’s Security Response Attack Investigation Team, which detailed the alleged ATM exploit.

A Department of Homeland Security (DHS) alert from October attributed the ATM attack to “Hidden Cobra,” the name the report uses for “malicious cyber activity by the North Korean government.”

“DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme,” the DHS report said.

Lazarus has been implicated by cybersecurity firms in high-level cyberattacks, such as the WannaCry ransomware attack, the 2016 theft of $81 million from the central bank of Bangladesh, and the 2014 Sony information leak that exposed Sony account holders’ information to theft, reported The Verge.

These attacks are thought to all bear the same fingerprints, and the FASTCashWannaCry and Sony hacks, were each individually linked to the North Korean government by U.S. government agencies, according to Symantec. (RELATED: British Forces Practice Hacking Russian Power Grid)

While Lazarus has been linked to social wrongdoings, like the leaking of the movie “The Interview,” its aim in recent years has focused more and more on financial crimes, reported The Verge.

Follow Gavin on Twitter

All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact