Lazarus & Watering-hole Attacks

An outline and analysis of a series of attacks directed at Polish financial institutions based on a recent article from badcyber.com and our own additional findings.
On 3rd February 2017, researchers at badcyber.com released an article that detailed a series of attacks directed at Polish financial institutions.
 
The article is brief, but states that "This is – by far – the most serious information security incident we have seen in Poland", followed by a claim that over 20 commercial banks had been confirmed as victims.
 
This report provides an outline of the attacks based on what was shared in the article, and our own additional findings.

 

 

Analysis

As stated in the blog, the attacks are suspected of originating from the website of the Polish Financial Supervision Authority (knf.gov[.]pl), shown below...
 
 
BAE Systems, Threat Research Team 13 February 2017