Hidden Cobra, a threat group linked to North Korea, has turned its attention to financial institutions in Turkey. McAfee reported finding malware (known as Bankshot) associated with the group on systems belonging to three large financial organizations and at least two major government-controlled entities involved in finance and trade in Turkey. The malware is designed to persist on compromised systems for further exploitation. According to McAfee, this suggests that Hidden Cobra is trying to gather specific information that can be used to launch more attacks.
The FBI and the US Department of Homeland Security have described the group as having a wide range of attack tools at its disposal, including denial-of-service botnets, wiper malware, and remote access Trojans. The attackers’ tool of choice, Bankshot, was also used in an attack on a Korean bank and against banks in Latin America. McAfee’s investigation showed that Bankshot implants were distributed via phishing emails. The emails contained a malicious Word document with an embedded exploit for a recently disclosed Adobe Flash vulnerability.
https://www.darkreading.com/attacks-breaches/north-korea-threat-group-targeting-turkish-financial-orgs/d/d-id/1331223
Donald Hoxhaj says
That’s pretty bad considering that these attacks happened on the top 3 financial institutions. It’s still unsure why the attacks happened, but if they have already compromised sensitive financial data, then it might actually cause huge financial loss or even a breakdown of the Turkish economy. It’s important to revisit the security systems or try to grab hands of 3rd party security companies to see the source.