North Korean government hackers dubbed the BeagleBoyz are trying to electronically rob banks, the United States warned this week.
Operating under the umbrella of Pyongyang's cyber-spy efforts dubbed HIDDEN COBRA by Uncle Sam, the gang compromises and hijacks SWIFT terminals used by banks to transfer large sums of money among one another. The crew is believed to have been behind attempts to steal as much as $2bn from banks around the world using this method. Many of the attempted heists are spotted and stopped before they complete, though, and only a few seemingly succeed.
In one such successful instance, they swiped $81m from the Bank of Bangladesh in 2016, a theft previously attributed to North Korea. According to the US government, BeagleBoyz "use unwitting banks, including banks in the United States, for their SWIFT fraud scheme. These banks are custodians of accounts belonging to victim banks or unknowingly serve as a pass-through for the fraud."
The hackers also like to make ATMs pay out free money, known as cash outs: "Fraudulent ATM cash outs have affected upwards of 30 countries in a single incident. The conspirators have withdrawn cash from ATM machines operated by various unwitting banks in multiple countries, including in the United States."
BeagleBoyz world tour ... Countries potentially targeted by BeagleBoyz. Source: US government
"The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity industry as Lazarus, Advanced Persistent Threat 38 (APT38), Bluenoroff, and Stardust Chollima," America's Cybersecurity and Infrastructure Security Agency said of the crew, "and are responsible for the FASTCash ATM cash outs reported in October 2018, fraudulent abuse of compromised bank-operated SWIFT system endpoints since at least 2015, and lucrative cryptocurrency thefts."
More usefully, the above-linked advisory is packed with technical information on how the team operates, what they exploit, how to detect them, and how to thwart them. Check it out if you think your organization will fall onto their hit list.
Speaking of North Korea
The US Department of Justice said it has moved to seize control of 280 cryptocurrency accounts that North Korean hacking crews are said to be using to shift cash.
According to a court filing [PDF] by the Feds, the accounts are being used to launder crypto-coins stolen by Pyongyang's hacking crews. The swiped coins were said to have been shifted through Chinese exchanges before making their way back to Pyongyang via these accounts.
"As North Korea becomes bolder and more desperate in their efforts to steal money using sophisticated money laundering techniques, HSI will continue to apply pressure by exposing their fraudulent transactions," said Steven Cagen, special agent in charge at the Homeland Security Investigations unit of ICE.
"We are committed to safeguarding the interest of the United States against the criminal elements in North Korea to protect the integrity of the cyber financial system." ®