Cyber security firm Kaspersky Lab on Monday said it had obtained digital evidence that bolsters suspicions by some researchers that North Korea was involved in last year’s $81 million cyber heist of the Bangladesh central bank’s account at the Federal Reserve Bank of New York.
Russian-based Kaspersky released a 58-page report on Lazarus, a group linked to the heist in Bangladesh and the 2014 attack on Sony’s Hollywood studio, which the U.S. government blamed on North Korea.
Among its findings, the report said Lazarus hackers made a direct connection from an IP address in North Korea to a server in Europe that was used to control systems infected by the group.
Kaspersky researcher Vitaly Kamluk told Reuters by telephone that the finding marked “the first time we have seen a direct connection” between North Korea and Lazarus, a hacking group whose activities dating back to 2009 have been documented by the world’s biggest cyber security firms.
For more about North Korea, watch:
The North Korean government has denied allegations of hacking made by officials in Washington and South Korea as well as security firms.
Kamluk said he could not conclusively say that Pyongyang was behind the attacks because it was possible the hackers went to great effort to make it look like they were from North Korea, or that North Koreans were working with others.
Still, he said that North Korean involvement was the most likely explanation.
Separately last month, U.S. officials also cast suspicion on Pyongyang. An official briefed on the probe told Reuters in Washington that the FBI believed North Korea was responsible.
And Rick Ledgett, the deputy director of the National Security Agency, told reporters at an Aspen Institute event on March 15 that private sector research tying North Korea to the Bangladesh bank heist was strong.
“If that’s true, then that says to me that the North Koreans are robbing banks,” Ledgett said. “That’s a big deal.”
The Bangladesh Bank heist was one in a string of financially motivated cyber attacks by a division of Lazarus dubbed Bluenoroff, the Kaspersky report said. Targets included banks, financial and trading companies, casinos and digital currency businesses in at least 18 nations, the report said.
Adrian Nish, head of threat intelligence with cyber security firm BAE Systems, said Kaspersky’s findings were significant, even though they did not conclusively link Pyongyang to Lazarus.
“It is significant further evidence,” said Nish, who led a team at BAE that in May 2016 was the first to link the Bangladesh heist and the Sony hack.