Hackers Target Trade Group, Rob Banks and Steal Athletes' Medical Records

Just another week in ThreatWatch, our regularly updated index of noteworthy data breaches.

In case you missed our coverage this week in ThreatWatch, Nextgov’s regularly updated index of cyber breaches:

US Trade Group Hit with Chinese Spy Tool, Researchers Say

A spy tool tied to the Chinese government was discovered on the National Foreign Trade Council’s website, according to a cybersecurity firm.

The trade group includes members from prominent companies including Wal-Mart, Johnson & Johnson, Amazon and Ford.

Fidelis Cybersecurity said an NFTC registration page included a malicious link that would launch Scanbox, a tool that logs what kind of software is being used by the computers exposed to it, Reuters reported. The tool has only been linked to groups associated with the Chinese government, the researchers said. 

Fidelis researchers said the attack, which NFTC detected five weeks ago, was likely the kind of traditional espionage that happens before large international summits—in this case, President Donald Trump’s April meeting with Chinese President Xi Jinping. The firm also said the link has been removed and there is no evidence NFTC members were affected.

Kaspersky Links Hackers Behind Global Bank Heists to North Korea

The group suspected of making off with $80 million from a Bangladesh bank last year has a direct link to North Korea, a security firm says.

The robbery of the Central Bank of Bangladesh's systems took patience. The group behind it took months to learn the systems and then used stolen SWIFT credentials to request a series of transfers that totaled $851 million, but it made off with about $80 million, according to ZDNet.

A recent Kaspersky Lab report said there’s a high chance the Lazarus Group—also linked to the 2014 Sony Entertainment hack—is behind the Bangladesh theft, as well as attacks on other global financial institutions, bitcoin firms and casinos. The report also connects a subgroup called Bluenoroff, which specializes in targeting banks, to an IP address in North Korea.

The group operates on a large scale and with a sophistication beyond most criminal organizations, running a “factory of malware” that constantly updates and morphs quality code.

“Their solutions are aimed at invisible theft without leaving a trace,” the report said.

Kaspersky identified suspected Lazarus attacks in Southeast Asia and Europe in recent weeks, though the group has gone quiet.

Russian Hackers Swipe Athletes’ Medical Records—Again

Fancy Bear, the hacking group linked to Russian intelligence, stole track and field athletes’ personal data from the sport’s international governing body, The New York Times reported.

The International Association of Athletics Federations worked with authorities where its headquarters are located—Britain and Monaco—to secure its network, and notified athletes who filed medical records with it since 2012. IAAF attributed the theft to Fancy Bear, according to the Times report.

This is the third known attack attributed to Fancy Bear since some Russian athletes were banned from competing in the 2016 Olympics because of allegations of a state-sponsored doping program, which the country's leaders denied. Hackers in the fall published information about athletes with therapeutic-use exemptions from the World Anti-Doping Agency and accessed the email of a U.S. Anti-Doping Agency employee.