McAfee: North Korean hackers suspected of involvement in cyberattacks on Türkiye's financial sector

According to a report released by McAfee on March 8, North Korean hackers are suspected of being involved in cyber attacks on Türkiye's financial sector.

On March 3, the McAfee Advanced Threat Research team confirmed that the hacker group Hidden Cobra attempted to breach the security of a Turkish government-backed financial institution.

While McAfee stopped short of formally identifying a North Korean cyber group as the culprit, they said in a report that the malware’s code was very similar to that used by a hacker operative with ties to North Korea.

The hackers used a modified version of the malware, dubbed "Bankshot," that exploited a recently discovered vulnerability in Adobe Flash. The attackers attempted to lure victims with emails containing an infected Word document titled "Agreement."

The report said the document appeared to be a template for an agreement between an unidentified individual in Paris and a cryptocurrency exchange regarding the distribution of bitcoin.

The Bankshot implant was distributed from a domain similar to the cryptocurrency platform Falcon Coin, but the malicious domain Falcon.io was created on December 27, 2017 and is not legally associated with the original platform.

Although no funds were stolen in this attack, the research team believes that the purpose of this activity was to remotely access the internal systems of government-controlled financial institutions. However, the report did not specify which organizations were affected by this attack.

The McAfee team also found two documents written in Korean that were aimed at different targets but appeared to be part of the same hacking campaign.

The US government warned about the Bankshot malware back in December 2017, linking it to the US hacking group Hidden Cobra. The US government believes the malicious cybercriminals are working for the North Korean government.

South Korea has repeatedly accused North Korea of ​​attacking its cryptocurrency exchanges, and international sanctions against North Korea have been tightened for almost a year.