North Korean hackers, specifically the Lazarus group, are utilizing a new variant of the FASTCash malware to target Linux-based payment switches, disrupting bank transactions and facilitating ATM cashouts. The malware operates by compromising payment switch servers, manipulating transaction messages to authorize fraudulent withdrawals in Turkish Lira. This highly sophisticated attack underscores the need for strengthening security measures, including regular software updates, robust detection capabilities, strong network security, and staff education on phishing risks within financial institutions
The malware, disguised as a shared object file, targets ISO 8583 messages for manipulative authorization responses, displaying a similar modus operandi to its Windows variant identified in 2020. Overall, North Korean cyberattacks continue to evolve in sophistication, emphasizing the criticality of enhanced security practices and vigilance in combating such threats. https://hackread.com/north-korean-hackers-linux-fastcash-malware-atm-cashouts/