February 6, 2017
In what is considered to be the largest system hack in the country’s history and a massive attack on the financial sector, several banks in Poland have been infected with malware.
What’s surprising? The source of the malware infection is their own financial regulator, the Polish Financial Supervision Authority (KNF) — which, ironically, is meant to keep an eye out for the safety and security of financial systems in Poland.
During the past week, security teams at several unnamed Polish banks discovered malicious executables on their workstations.
The KNF confirmed that their internal systems had been compromised by someone “from another country,” although no further details were provided.
After downloads of suspicious files that were infecting various banking systems had been discovered on the regulator’s servers, the KNF decided to take down its entire system “in order to secure evidence.”
Once downloaded and executed, the malware connected to some foreign servers to perform various malicious tasks such as reconnaissance, data exfiltration, and post-exploitation.
This particular malware appears to be a new strain of nasty software which has never been seen before in live attacks and has a zero detection rate on VirusTotal.