Info security body finds no evidence of infection at Swiss banks as a result of “Sharpshooter” campaign

Maria Nikolova

Switzerland’s Reporting and Analysis Centre for Information Assurance is in touch with a number of banks but no evidence of infection has been found.

Switzerland’s Reporting and Analysis Centre for Information Assurance (MELANI) earlier today published its 29th semi-annual report, which addresses the most important cyber incidents of the first half of 2019, both in Switzerland and abroad.

MELANI noted the Lazarus attacks targeting Swiss banks. In March 2019, security software company McAfee published a follow-up to its December 2018 report on the Sharpshooter campaign. Last year, the campaign targeted 87 companies from all over the world, but mainly in the US. The companies concerned were from the defence, energy, nuclear and financial sectors.

In its second report, McAfee confirmed its initial suspicion that the Lazarus group was behind the attacks. The group is well known for having attacked systems at various banks and is considered by many experts to be connected to the North Korean regime.

In its first report on the matter, McAfee described attempted attacks against Swiss financial institutions.

Today, MELANI said it is in contact with a number of banks, as mentioned in the preceding semi-annual report.

“Then as now, no evidence of infection has been found at the potential target companies in Switzerland”, says MELANI.

Let’s recall that, in December 2018, security firm McAfee released a report on a newly discovered APT campaign against defence, energy, nuclear, and financial companies. The campaign called “Sharpshooter” began on October 25, 2018 with the sending of infected documents to individuals from 87 organisations around the world, mainly in the USA. According to the report, Swiss companies in the financial sector were also hit by the campaign.

Social engineering was used to get the recipients to open the infected documents. The message was disguised as a letter of application and contained a link to a document on Dropbox which allegedly contained the application dossier. This method is particularly insidious because HR departments often receive unsolicited applications and usually open such documents.

The infection occurred via a macro contained in the Word document. Such macros are now blocked in many companies, or are activated only after the user confirms a corresponding warning message. If the macro is executed despite all warnings, it smuggles the Sharpshooter implant into the working memory of Word. The implant then installs a modular backdoor called “Rising Sun”. The functions of this component include collecting and sending information about documents, user names, network configuration, and system settings. The malware can also load further functions on demand.
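As an added illustration of the defensive side of the macro vector described above (this is example code written for this article, not tooling from MELANI or McAfee): an inbound "application dossier" can be triaged for embedded VBA before it ever reaches an HR mailbox by inspecting the OOXML package for a vbaProject part or a macro-enabled content type. The sample documents are constructed in memory and contain no real macro code.

```python
import io
import zipfile

# Constructed sample content types for a macro-enabled (.docm) and a plain (.docx) package.
CT_MACRO = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.ms-word.'
            'document.macroEnabled.main+xml"/><Override PartName="/word/vbaProject.bin" '
            'ContentType="application/vnd.ms-office.vbaProject"/></Types>')
CT_PLAIN = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
            '<Override PartName="/word/document.xml" ContentType="application/vnd.'
            'openxmlformats-officedocument.wordprocessingml.document.main+xml"/></Types>')
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # header of legacy binary .doc files


def make_sample(macro: bool) -> bytes:
    """Build a minimal constructed Word package; the 'macro' variant carries a placeholder
    vbaProject.bin so the detector has something to find (no executable VBA inside)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("[Content_Types].xml", CT_MACRO if macro else CT_PLAIN)
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"\x00constructed placeholder, not a VBA project")
    return buf.getvalue()


def inspect_office_file(data: bytes) -> dict:
    """Classify a Word attachment: 'macro', 'clean', 'legacy_ole_review' or 'not_office'.
    Legacy OLE2 .doc files cannot be triaged with the zip check, so they are routed to review."""
    result = {"vba_part": False, "macro_content_type": False, "verdict": "not_office"}
    if data.startswith(OLE2_MAGIC):
        result["verdict"] = "legacy_ole_review"
        return result
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return result
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = z.namelist()
        # Indicator 1: a VBA project part anywhere in the package.
        result["vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        # Indicator 2: the package declares a macro-enabled content type.
        if "[Content_Types].xml" in names:
            ct = z.read("[Content_Types].xml").decode("utf-8", "replace")
            result["macro_content_type"] = "macroEnabled" in ct or "vbaProject" in ct
    result["verdict"] = "macro" if (result["vba_part"] or result["macro_content_type"]) else "clean"
    return result


if __name__ == "__main__":
    for flag in (True, False):
        print(inspect_office_file(make_sample(flag)))
```

Both indicators are checked because a renamed extension (.docm saved as .docx) does not change the package contents, so the file name alone is not a reliable signal.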

The malware communicates via a command and control server controlled by the attackers.

In analysing the campaign, McAfee found evidence of connections to the “Lazarus” group: “Rising Sun” contains code and configuration data from the “Duuzer” family. Duuzer was also used in the hacker attack on Sony, which is associated with the Lazarus group.
