McAfee say Hidden Cobra hacker group targets Turkish Financial system

Recently, the anti-virus giant McAfee released a report which found that the recent cyber attacks in the Turkish financial industry may be related to North Korean hackers. Not only that, the McAfee senior research group on security threats also found that this attempt to undermine the Turkish government. The illegal organization of the supporting financial institutions may be hacker group Hidden Cobra.

Although McAfee did not give a clear indication of the name of the hacker, they mentioned in the report that the code used to attack Turkish financial institutions was very similar to the code used by North Korean cryptocurrency hackers.

It is reported that the hacker is using a modified version of the malware called “Bankshot”, exploiting the vulnerabilities found in recent Adobe Flash software. The attacker tried to use a “Microsoft.docx” Microsoft Word file infected with the virus, and then included Inducing victims in a phishing email.

The domain name of the Bankshot malware code is similar to that of the cryptocurrency lending platform Falcon Coin, but the malicious website domain name falcancoin.io was draped on December 27, 2017. Therefore, from a legal point of view, it is not related to the original platform.

Up to now, this attack has not been disclosed as having any financial losses. However, the McAfee senior research group on security threats believes that the main purpose of this hacking attack was to remotely access internal systems of government-controlled financial institutions, but they also did not disclose which government agencies were affected by the attack.

Not only that, the McAfee senior research group on security threats found two files in Korean that were written in Korean. Although the target of the attack was different, it may be seen from the same hacker.

Back in December 2017, the U.S. government released a risk profile for Bankshot malware at the time and pointed out that the malware was related to the Hidden Cobra hacking organization. At that time, the U.S. government stated that the hacking organization was working for the North Korean government. South Korea has repeatedly accused North Korea of hacking attacks on the country’s cryptocurrency exchanges. The current international sanctions against North Korea have also exceeded one year.

Source, Image: McAfee

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee PayPal

Crypto

USDT (TRC20):

TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm Copy

USDT (ERC20):

0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce Copy

Written by

@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.