Four hacker groups that pose serious threats to financial institutions

With growing digital transformation, the banking, financial services and insurance (BFSI) segment is also at the forefront of risk from cybercriminals. Higher digital transformation has led to a wider attack surface for hackers, and more entry points into a bank's or insurance firm's network.

Criminals are no longer just interested in stealing money either. They often wants to hold information at ransom, infiltrate and manipulate companies, and even commit frauds at different levels. Apart from stealing lots of money, cybercriminals could also use the attack to push political or personal agendas, or could simply just crave recognition within the hacker community. And one of the first steps to managing cyber risks is knowing who the attacker is.

Lazarus Group

The group dates way back to 2009 and has been speculated to be backed by the North Korean government. They are known for targeting crypto exchanges as well as traditional financial institutions. Some of the infamous attacks from the group are a Bangladesh Bank heist in 2016, and earlier in 2014, they attacked Sony Pictures entertainment. In 2015, they also had a change of strategy, moving away from DDoS attacks and began to compromise financial institutions. They are estimated to have stolen over $1.3 billion, as well as a most recent attack on the Society for Worldwide Interbank Financial telecommunications. 

FIN7

This hacker group has been associated with attacks through 2020 and 2021, attacking FSIs in Panama, IT organisations in Europe and several healthcare companies. They are infamous for stealing payment card details from big retailers and is known for attacking big companies. 

They are known for unorthodox social engineering methods, such as going to the extent of calling up their victims to make them open files. The group burst into the scene in 2015, and are known to target payment cards specifically, selling the stolen cards at a shop on the dark web known as the Joker’s Stash. 

Also read: Five Big Cyber Security Trends to watch out for in 202

TA505

This group has been associated with large spam campaigns and the volumes of messages that are being sent in such campaigns. In 2019 they were notorious for launching attacks in several countries, including the likes of Italy, India, Germany and China. In late 2019 they targeted financial enterprises using tools such as LOLBins and ServHelper. They were known to attack a small group of accounts with the sole aim of gathering intel about the environment of the victim. They are also known to be selective in the way they chose to persist in collecting data, carefully analysing the risks and known to dodge any countermeasures. 

In September 2021 the group conducted the MirrorBlast campaign, targeting the financial sector in Canada, the USA, Europe, Hong Kong and other geographies. 

Other attack groups to watch out for

Apart from the above-mentioned gangs, there are many lurking out there gaining notoriety. Some of the other names that have cropped up among BFSI security teams are Shathak, which in June 2021 was infecting financial institutions using the tool TrickBot through spam campaigns. The Dridex Gang is a group that manages botnets against banks known for using the tools Dridex, Locky and BitPaymer. They are primarily focused on utilising banking Trojans and ransomware, using which they look to distribute and profit from. Finally, the Cobalt Gang has been known to target FSIs all around the globe, who have proven to be versatile in their tactics and attack vectors. They were first noticed in 2016 when they attacked the Taiwanese First Commercial Bank. They work mainly through phishing emails to target malware.