Last year, Bangladesh’s central bank suffered a big blow when hackers apparently operating from North Korea managed to steal $81 million. Now, the cyber security firm Kaspersky has claimed that the attackers were most probably from the notorious Lazarus group and that banks in as many as 18 countries have become victims of this group’s latest hacking spree.
The hackers are apparently busy attacking banks around the world; Lazarus is counted among the elite hacking groups of the North Korean government.
According to Kaspersky’s Vitaly Kamluk, the firm managed to trace the whereabouts of the hackers because they did not properly hide their location in one of the attacks. The researchers identified the hackers through a strange, short, single connection and a single session that came out of an extremely “rare and unexpected IP range” that originated from North Korea. Moreover, the language of the computer code also hinted at the involvement of North Korean hackers.
As far as the hacking operation is concerned, Kamluk believes that it was a very sophisticated malware campaign where hackers used a range of smart skills and tricks that even tricked the investigators. “They used a lot of anti-forensics techniques,” Kamluk told CNN.
Symantec, another cyber security firm that researched the recent surge in attacks on banks worldwide, claims that the hackers are surely from North Korea, because the malware code used in the Bangladeshi bank attack and the code used in the 2014 attack on Sony Pictures are the same. The FBI confirmed the involvement of North Korean hackers in that earlier attack.
Experts believe that if the analysis is true, the only reason behind such a massive hacking campaign is that the North Korean government is trying to rake in easy cash. According to Marcus Noland from the Peterson Institute for International Economics, North Korea tried drug trafficking but, due to tightening of interdiction, switched to currency counterfeiting, and now it is left with no other option but to raise money through cyber-crimes. It is also believed that Kim has acquired the services of thousands of hackers associated with the country’s most notorious “Reconnaissance General Bureau,” and an elite unit, Bureau 121.
This is not the first time that hackers from North Korea have been in the news for criminal activities. Previously, South Korea had its critical infrastructure, including nuclear reactors, an air force website, military cyber command, and subway system, hacked. The usual suspects in all those incidents were government-backed hackers in Pyongyang.