The Cybersecurity and Infrastructure Security Agency (CISA) of the United States has recently published a warning on its website, alerting the public that North Korea has resumed targeting banks in what the US Government is referring to as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks.”
“Since February 2020, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash outs. The recent resurgence follows a lull in bank targeting since late 2019,” CISA on Wednesday.
In particular, the agency has published a joint advisory on its website which details the targeted operations from North Korea. According to the advisory, the hacking team, dubbed BeagleBoyz is controlled by . BeagleBoyz represent a subset of HIDDEN COBRA activity, CISA said on its website.
Commenting on the situation, Bryan Ware, Assistant Director of Cybersecurity, CISA, said in a statement realised on Wednesday: “North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations.
“CISA and our interagency partners work closely with industry to provide actionable, specific and timely cyber threat information, like today’s alert. Our aim is to disrupt and defeat malicious cyber campaigns and help government and industry partners prioritize resources to highest risk to stay one-step ahead of adversaries.”
BeagleBoyz have attempted to steal $2 billion in FASTCash hacks
The BeagleBoyz are responsible for the FASTCash ATM cashouts which were reported in October 2018. The group’s efforts included abuse of bank-operated SWIFT system endpoints and cryptocurrency thefts which have resulted in millions of crypto being stolen, CISA said.
The bank robberies have been going on since at least 2015 and according to public estimates, the BeagleBoyz have attempted to steal almost $2 billion. According to CISA, the thefts pose “severe operational risk” for individual firms in terms of reputational and financial harm.
The efforts of the BeagleBoyz hasn’t just been limited to ATM theft, but also to cryptocurrency theft, with the hackers targeting cryptocurrency exchanges.
“In addition to robbing traditional financial institutions, the BeagleBoyz target cryptocurrency exchanges to steal large amounts of cryptocurrency, sometimes valued at hundreds of millions of dollars per incident. Cryptocurrency offers the BeagleBoyz an irreversible method of theft that can be converted into fiat currency because the permanent nature of cryptocurrency transfers do not allow for claw-back mechanisms,” the joint advisory said.
The joint advisory published on the 26th of August 2020 is the combined efforts from CISA, the Department of the Treasury (Treasury), the (FBI) and U.S. Cyber Command (USCYBERCOM).