The U.S. Government announced today in a warning that North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access. The U.S. Government refers to this team as BeagleBoyz.
The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity industry. The primary goal of the BeagleBoyz is robbing banks.
The Government says they are responsible for the FASTCash ATM cash outs reported in October 2018, the fraudulent abuse of compromised bank-operated SWIFT system endpoints since at least 2015, and lucrative cryptocurrency thefts.
The BeagleBoyz raise substantial revenue for North Korea. North Korea may use these funds for its UN-prohibited nuclear weapons and ballistic missile programs. Additionally, this activity poses significant operational risk to the Financial Services sector and erodes the integrity of the financial system.
The BeagleBoyz have attempted to steal nearly $2 billion since at least 2015, according to public estimates. Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions.
In 2018, a bank in Africa could not resume normal ATM or point of sale services for its customers for almost two months following an attempted FASTCash incident.
The BeagleBoyz often put destructive anti-forensic tools onto computer networks of victim institutions. Additionally, in 2018, they deployed wiper malware against a bank in Chile that crashed thousands of computers and servers to distract from efforts to send fraudulent messages from the bank’s compromised SWIFT terminal.
North Korea’s widespread international bank robbery scheme that exploits critical banking systems may erode confidence in those systems and presents risks to financial institutions across the world. Any BeagleBoyz robbery directed at one bank implicates many other financial services firms in both the theft and the flow of illicit funds back to North Korea. BeagleBoyz activity fits a known North Korean pattern of abusing the international financial system for profit.
Fraudulent ATM cash outs have affected upwards of 30 countries in a single incident. The conspirators have withdrawn cash from ATM machines operated by various unwitting banks in multiple countries, including in the United States.
The BeagleBoyz also use unwitting banks, including banks in the United States, for their SWIFT fraud scheme. These banks are custodians of accounts belonging to victim banks or unknowingly serve as a pass-through for the fraud. Most infamously, the BeagleBoyz stole $81 million from the Bank of Bangladesh in 2016. The Federal Reserve Bank of New York stopped the remainder of this attempted $1 billion theft after detecting anomalies in the transfer instructions they had received.
The following malware is associated with the BeagleBoyz:
- FASTCash for Windows
If you discover any of this malware, report it to your local FBI office immediately.