How researchers foiled a suspected nation state attack targeting an African bank

A high-profile cyber-attack that targeted a major financial institution in Africa has been described as "very sophisticated, multi-faceted and highly-targeted" by the CEO of the firm that discovered it.

In May, attackers infiltrated the firm's infrastructure and completed several low-value transactions to banks located in Bulgaria. To avoid detection, attackers used encryption certificates that were signed in North Korea.

Omar Yaacoubi, CEO and co-founder of Barac, says the attack was carefully designed to extract money from high-net-worth corporate accounts via the SWIFT Payments infrastructure. He tells IDG Connect: "It must have taken a considerable amount of research and effort to craft."

Yaacoubi claims that the firm uncovered the attack when it was in its early stages and when the hackers were likely testing the integrity of the exfiltration method. "We spotted this when we identified a regular yet suspicious pattern in the metadata of encrypted traffic leaving the bank's head office network," he says. "There were a few things not quite right with the traffic; first of all, it was all destined for servers in Bulgaria. On further investigation we could see that these leveraged encryption certificates were signed in North Korea."

He explains that command and control traffic was obfuscated by multiple fake websites, encryption and common traffic patterns to avoid detection. "Since all the traffic leaving the bank is encrypted, the hackers took advantage of this and hid their C+C within what appeared to be regular encrypted data flows sent to servers in Bulgaria.
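The check Yaacoubi describes, a regular pattern in the metadata of encrypted traffic combined with certificate details, can be sketched as follows. This is an added example, not code from the article or from Barac; the flow records, field layout, thresholds and the issuer-country watchlist are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed TLS flow metadata (no payload is inspected): timestamp in
# seconds, internal source, destination, destination country, and the
# country (C=) field of the server certificate's issuer.
FLOWS = [
    (0,    "10.0.0.5", "203.0.113.10", "BG", "KP"),
    (300,  "10.0.0.5", "203.0.113.10", "BG", "KP"),
    (601,  "10.0.0.5", "203.0.113.10", "BG", "KP"),
    (899,  "10.0.0.5", "203.0.113.10", "BG", "KP"),
    (1200, "10.0.0.5", "203.0.113.10", "BG", "KP"),
    (12,   "10.0.0.7", "198.51.100.4", "US", "US"),
    (95,   "10.0.0.7", "198.51.100.4", "US", "US"),
    (1410, "10.0.0.7", "198.51.100.4", "US", "US"),
    (1530, "10.0.0.7", "198.51.100.4", "US", "US"),
    (4000, "10.0.0.7", "198.51.100.4", "US", "US"),
]

ISSUER_WATCHLIST = {"KP"}  # assumption: issuer countries the analyst wants surfaced
MIN_FLOWS = 4              # assumption: fewer connections than this is not a pattern
MAX_JITTER = 0.10          # assumption: stddev/mean of gaps at or below this is "regular"

def score_flows(flows):
    """Return {(src, dst): [reasons]} for source/destination pairs worth a look."""
    groups = defaultdict(list)
    for ts, src, dst, _dst_cc, issuer_cc in flows:
        groups[(src, dst)].append((ts, issuer_cc))
    findings = {}
    for pair, rows in groups.items():
        rows.sort()
        reasons = []
        # Gaps between consecutive connections; machine-driven traffic is
        # far more evenly spaced than traffic caused by people.
        gaps = [b[0] - a[0] for a, b in zip(rows, rows[1:])]
        if len(rows) >= MIN_FLOWS and mean(gaps) > 0:
            if pstdev(gaps) / mean(gaps) <= MAX_JITTER:
                reasons.append("regular interval")
        if any(issuer in ISSUER_WATCHLIST for _, issuer in rows):
            reasons.append("watchlisted certificate issuer country")
        if reasons:
            findings[pair] = reasons
    return findings

if __name__ == "__main__":
    for pair, reasons in score_flows(FLOWS).items():
        print(pair, reasons)
```
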

Nicholas Fearn

Nicholas is a technology journalist from the Welsh valleys. His work has been featured on Engadget, Lifehacker, Gizmodo, TechRadar, The Next Web, Forbes, Computer Weekly, Computing, Mail Online, The Telegraph and many other media outlets. In addition, he edits Tech Dragons, a publication covering STEM in Wales.
