New Delhi: Malware created to infiltrate Indian ATMs and steal customers' card data has been traced to the Lazarus group controlled by the Reconnaissance General Bureau, North Korea's primary intelligence bureau.

The Lazarus Group's activities were widely reported after it was blamed for the 2014 cyber attack on Sony Pictures Entertainment and the 2017 WannaCry ransomware attack on countries including the US and Britain.

It is one of the three entities that the US sanctioned earlier this month.

"Lazarus iMalware stealing ATM card details of Indians traced to N.Koreas a rather unusual nation state-sponsored group. On [the] one hand, as many other similar groups do, it focuses on conducting cyberespionage or sabotage operations. Yet on the other hand, it has also been found to influence attacks that are clearly aimed at stealing money," said Konstantin Zykov, Security Researcher at Kaspersky's Global Research and Analysis Team.

Kaspersky researchers discovered ATMDtrack, a piece of banking malware targeting Indian banks in 2018. Further analysis showed that the malware was designed to be planted on the victim's ATMs, where it could read and store the data of cards that were inserted into the machines.