North Korean cyber-attackers are suspected of having participated in a cyberattack against the Turkish financial sector . The McAfee Advanced Threat Research team has identified an attempt by the Hidden Cobra hacking group to violate the security of financial institutions backed by the Turkish government on March 2 and 3.

Although McAfee's policy does not officially identify cybergroups-states as culprits, they mention in the report that the malware code in question closely resembles the code used by a hacker associated with North Korea.

Hackers were using modified malware known as "Bankshot" a vulnerability recently revealed in Adobe Flash. Attackers have attempted to lure their victims with spear-phishing emails containing an infected Microsoft Word file named Agreement.docx.

The file appeared to be a model agreement for the Bitcoin distribution between an unknown individual in Paris and another. The report states that Bankshot implants were distributed from a similar area to the Falcon Coin cryptocurrency loan platform, but the falcancoin.io malicious domain was created on December 27, 2017, and n & rsquo; Is not

Although there has been no report of stolen money in the attacks, the research team believes that the campaign was aimed to obtain remote access to the internal systems of government-targeted financial organizations. The report, however, does not reveal which specific organizations have been affected.

The McAfee team also discovered two documents written in Korean, which appear to be part of the same hacking campaign, but intended for different targets.

In December 2017, the US government issued a warning about Bankshot's malware, linking it to Hidden Cobra, a hacker group that the US government considers to be malicious cyber criminals working for the North American government. Korean. ] North Korea has been repeatedly accused of piracy of South Korean cryptocurrency, while international sanctions against the country have hardened over the past year.