According to the light of the advanced research team, McAfee suspects that North Korea is the main culprit of the recent cyber attacks on Turkey’s financial sector. Though McAfee is not directly saying that the name of hacker team but he’s assuming that they are the responsible for this happening.
In the report, the McAfee team mention that the code of the malware in question closely resembles code used by a hacking operative associated with North Korea. The hackers also used modified malware known as a “Bankshot” that utilized a recently revealed vulnerability in Adobe Flash. not only that but also The attackers tried to lure their victims with spear-phishing emails containing an infected Microsoft Word file named Agreement.docx.
In this issue, The file appeared to be an agreement template for Bitcoin distribution between an unknown individual in Paris and a to-be-determined cryptocurrency exchange, the report says.
it’s true that there have been no reports of stolen money in the attacks, the research team believes the campaign intended to get remote access to the internal systems of the targeted
government-controlled financial organizations. The report, however, does not reveal which specific organizations were affected. And finally, The McAfee team also discovered two documents written in Korean,
which appear to be part of the same hacking campaign, but were intended for different targets. Back in December 2017, the US government issued a warning about Bankshot malware.linking it to Hidden Cobra, a group of hackers the U.S. Government considers malicious cyber-criminals working for the North Korean government.
North Korea has been repeatedly accused of hacking South Korean cryptocurrency exchanges, as international sanctions against the country have tightened over the past year.