Employee tricked into giving North Korean hackers access to Chile’s ATM network through fake Skype job interview
North Korean hackers fooled a Redbanc employee into a fake job interview over Skype and then tricked him into downloading malware onto his work computer to get access to the company’s interbank network, according to a report by Chilean news site trendTIC.
For those unaware, Redbanc is an interbank network in Chile that connects the ATMs of all the banks in Chile.
It all began when the Redbanc employee in question responded to a developer job advertisement on LinkedIn. When the Redbanc professional clicked to apply for the position, he was contacted by the hackers for an interview, which they conducted in Spanish via a Skype call.
During the interview, the employee was asked to download, install, and run a program named ApplicationPDF.exe on the computer. He was told that it was a part of the recruitment process and would generate a standard application form online in PDF format.
However, the program instead installed malware on the computer, which in turn gave the hackers information about the employee’s work computer: its username, hardware and OS details, and proxy settings. This information was later used to deliver a second-stage payload to the device.
Although this attack took place in December last year, it was only made public after Chilean Senator Felipe Harboe used Twitter to accuse Redbanc of not disclosing the breach in time.
In a statement, the company says “the event had no impact on our operations, keeping our services running smoothly”.
Security company Flashpoint linked the malware strain to PowerRatankba, a malware toolkit that was previously used by the North Korea-affiliated hacker group Lazarus. This hacking group, which is behind the infamous Sony hack in 2014, has also been accused of attempting to steal money from Banco de Chile last year.