North Korea may have been behind last year’s $81 million heist at the Bangladesh central bank’s account at the Federal Reserve Bank of New York, according to new evidence.
According to a new report from Kaspersky Labs, a cyber security firm, there is digital evidence that Lazarus, a group linked to the heist, used a direct connection from an IP address in North Korea to a European server that ultimately controlled the systems used in the heist.
“The first connections made on the day of configuration were coming from a few VPN/proxy servers indicating a testing period for the C&C server; however, there was one short connection on that day which was coming from a very rare IP address range in North Korea,” the report said. “This was another artefact pointing at a possible origin of the Lazarus group or at least some of its members.”
The North Korean government has denied allegations of the hack, and Kaspersky itself said that despite the evidence of the North Korean IP address, this “is not enough proof to provide definitive attribution given that the connection session could have been a false flag operation.”
In February 2016, hackers tried to steal $951 million from the Bangladesh Bank via multiple transactions.
Ultimately, the Federal Reserve Bank of New York was able to block a majority of the false transactions, which used the Dridex malware to attack the system, but not all of the funds were recovered.