Hackers pretending to screen a Chilean ATM network staffer for a new job instead slipped malware onto his work computer, leading to a broader attack.
The fake job interview was part of a phishing attack meant to compromise Redbanc, Chile's ATM network, in December.
The phishing incident and subsequent cyberattack were exposed by Chilean Senator Felipe Harboe in a Jan. 8 tweet demanding the network disclose the security breach to the public, along with the magnitude, risk and control measures of the attack.
Redbanc confirmed the breach days later, reporting that it had taken the appropriate security measures to safeguard the network against the cyberattack. Redbanc operates the interbank network that connects all of the ATMs from the various banks operating in Chile.
A Redbanc IT employee responded to a developer position posted on LinkedIn, according to TrendTIC, a local Chilean technology news website. Once the employee responded to the job posting, he was contacted by hackers believed to be the group known as the Lazarus Group, which has ties to the North Korean dictatorship.
The hackers conducted a Skype interview in Spanish with the employee to gain his trust and convince him the position was legitimate. Once they had gained that trust, they asked the employee to install the ApplicationPDF.exe program on his computer, with the excuse of generating his online application form in PDF format.
Further software code analysis by Vitali Kremez, director of research at Flashpoint (a business risk intelligence firm), revealed the intrusion involved PowerRatankba, a malware toolkit that is also tied to Lazarus. This intrusion is the latest known example of Lazarus-affiliated tools being deployed against Latin American financial institutions, according to Flashpoint.
While phishing prevention is often designed to prevent hackers from spoofing bank websites to fool consumers into providing individual details, hackers will often set their sights on bigger targets, such as individuals who have access to an entire network. In the case of Redbanc, the intended target was the entire Chilean ATM network and possibly the entire Chilean banking system.
North Korea has become a major source of attacks. The North Korean cyberattack organization APT38 has reportedly stolen more than $1.1 billion since 2014 from global financial institutions by targeting banks' access to the Swift messaging network. APT38 notably began its attacks with the $81 million malware-based heist of the Bangladesh Bank in 2016 through its account at the Federal Reserve Bank of New York.