Sep 27, 2019: Cybersecurity firm Kaspersky has reported the discovery of a new spyware tool that seemingly affects a large number of Indian firms in the financial and research space. As well as possibly the ATM which you use to withdraw money from your bank account. The tool, which is called Dtrack, is an evolution of a previously reported tool, ATMDtrack, which was said to be in widespread use to target automated teller machines (ATMs) across India. With a code sequence that is identical to the latter financial theft tool, Dtrack is now believed to be actively targeting a large number of Indian institutions, in order to steal confidential data, personal details of employees and closed conversations, as well as remotely downloading malicious tools, tracking key logs and monitoring IP (internet protocol) traffic.
The operation of the Dtrack espionage and theft tool, according to Kaspersky security researcher Konstantin Zykov, is a rather unusual one for a coordinated cybercrime group such as Lazarus, which is suspected to be a state-sponsored entity. Touching upon this, Zykov states, “It focuses on conducting cyber espionage or sabotage operations. Yet, it has also been found to influence attacks that are clearly aimed at stealing money. The latter is quite unique for such a high profile threat actor because generally, other actors do not have financial motivations in their operations.”
However, Zykov believes that these characteristics make the Lazarus group’s operation of the Dtrack remote access tool even more dangerous. He says, “The vast amount of Dtrack samples we found demonstrate how Lazarus is one of the most active APT groups, constantly developing and evolving threats in a bid to affect large-scale industries. Their successful execution of Dtrack RAT proves that even when a threat seems to disappear, it can be resurrected in a different guise to attack new targets.”
While Kaspersky has not disclosed the identities of any affected entity, the company says that the firms in question typically have “weak network security policies and password standards, while also failing to track traffic across the organization.” This would seemingly cover a large number of companies, which often fail to prioritise cybersecurity as an area of investment, due to budget constraints and lack of initiatives.