- The hackers, identified as the BeagleBoyz, used malware known as FASTCash to empty ATMs
- The BeagleBoyz are managed by North Korean intelligence and are part of an organization identified as Hidden Cobra
- They have attempted to steal $2 billion since 2015, as well as $1 billion from the New York Fed
U.S. investigators announced Wednesday that hackers connected to the North Korean regime are financing the government’s nuclear weapons program by emptying ATMs and making fraudulent money transfers. The hackers have tried to steal $2 billion since 2015.
The FBI, Homeland Security, Treasury, and U.S. Cyber Command found that the campaign involves spearphishing aimed at the retail payment base known as SWIFT, as well as associated “lucrative cryptocurrency thefts.”
“North Korea’s intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access,” a joint report by the agencies said. The hackers are related to the BeagleBoyz, which have likely been around since 2014 and are part of a larger group known as Hidden Cobra. Some of their activities must have been contracted out to notorious criminal organizations.
Bryan Ware, assistant director for cybersecurity at the Department of Homeland Security, described the hackers’ method as “imaginative” for their capacity to alter tactics to evade detection.
In 2018, the BeagleBoyz used wiper malware to crash thousands of computers and servers to provide cover for an attack against a bank in Chile, and took down Africa’s ATM network for two months as a result of their theft efforts.
The hackers also attacked financial institutions in Brazil, India, Indonesia, Spain, Turkey, and Southeast Asia. The group was blamed for an $81 million theft from the Bank of Bangladesh as part of an attempted $1 billion robbery from the Federal Reserve Bank of New York.
“The BeagleBoyz initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors. This suggests the BeagleBoyz are exploring upstream opportunities in the payments ecosystem,” the statement said.
The campaign “presents risks to financial institutions across the world,” as stated in the report.