According to a joint statement issued by several US government agencies, North Korean hackers known as BeagleBoyz are using malicious remote access tools as part of ongoing attacks aimed at stealing huge sums of money from banks worldwide. The joint statement says that the North Korean hackers have once again begun robbing banks through remote access over the Internet since February 2020, with the aim of financing the country's regime. At the moment, the North Korean hackers are targeting banks in more than 30 countries, aiming to steal $2 billion.
The US government gathered and investigated information about this case from analysts at the FBI, CISA, the US Treasury Department and USCYBERCOM. Based on this information, the government announced that since February 2020, North Korean hackers have resumed targeting banks in many countries to carry out "fraudulent" international money transfers and ATM theft. It added that in one attack, the group's hackers stole cash from ATMs operated by banks in dozens of countries, including the United States.
In addition, the hackers managed to steal $81 million from the Bank of Bangladesh in 2016. However, the Federal Reserve Bank of New York managed to stop the rest of a $1 billion transfer attempt after detecting irregularities in the transfer requests received from the Bank of Bangladesh.
BeagleBoyz is part of the Reconnaissance General Bureau of the North Korean government and has been active since at least 2014, having stolen hundreds of millions from banks in order to finance the country's regime. BeagleBoyz activity is linked to other groups tracked by cybersecurity companies, including APT38 (FireEye), Bluenoroff (Kaspersky), Lazarus Group (ESTSecurity) and Stardust Chollima (CrowdStrike). The group is also behind the FASTCash ATM cash-outs reported in October 2018, the abuse of compromised SWIFT system endpoints since 2015, and thefts from cryptocurrency companies.
Since CISA's initial announcement of North Korea's FASTCash campaigns, BeagleBoyz has started targeting regional interbank payment processors with FASTCash malware, in addition to individual banks. US government agencies have also reported that the North Korean hackers use a variety of tools and techniques to gain access to banking networks, map their topology to discover key systems, and then monetize that access.
At the same time, North Korean hackers are targeting cryptocurrency exchanges to steal large amounts of cryptocurrency, often worth hundreds of millions of dollars per incident. Cryptocurrency offers the BeagleBoyz hackers an irreversible method of theft whose proceeds can be converted into fiat currency, because the nature of cryptocurrency transfers allows no claw-back mechanism.
US agencies also noted that the North Korean hackers have been observed using a wide range of techniques to gain access to their victims' systems, including spearphishing and social engineering, such as recruitment-themed phishing attacks from 2018 to early 2020. They may also have hired the services of hacking gangs, such as TA505, for initial access to targeted financial institutions, launching the final attack on the victim banking systems months later in some cases.
In addition to the joint warning, US Cyber Command also released three malware analysis reports (MARs) on the North Korean government's ATM cash-out scheme, with information on the ECCENTRICBANDWAGON, VIVACIOUSGIFT and FASTCash for Windows malware.
Finally, the US Treasury Department imposed sanctions on three DPRK-funded hacking groups (Lazarus, Bluenoroff and Andariel) in September 2019.