BeagleBoyz Bank Heist Feat FASTCash 2.0

A hacking group that is part of the North Korean government’s Reconnaissance General Bureau has been found stealing hundreds of millions from international banks to fund the country's dictatorial regime.

What happened?

Tracked as BeagleBoyz, the hacking group has been using malicious remote access tools in more than 30 countries as part of ongoing attacks, attempting to steal $2 billion since 2015.
  • The group has used cyber-enabled ATM cash-out schemes (identified as FASTCash that began in 2018), fraud bank robbery schemes, and SWIFT fraud schemes to target the systems of unwitting banks.
  • They are using a wide range of techniques to gain access to their victims' systems including spear-phishing, phishing, and watering holes, as well as social engineering.
  • They also used the malware FASTCASH, ECCENTRICBANDWAGON, and VIVACIOUSGIFT to steal millions of dollars from international banks.
  • Experts opine that BeagleBoyz may have also hired/contracted criminal hacking groups, such as TA505, for initial access development.

No geographical boundaries

From 2015 through 2020, BeagleBoyz has likely targeted financial institutions in more than 30 countries, including Brazil, Bangladesh, India, Japan, Mexico, Philippines, Singapore, South Africa, and many other countries, in the active bank robbery scheme to pilfer $2 billion.

North Korean hackers buzzing around

In the recent past, several North Korean hacker groups have been observed targeting international organizations. 
  • The US Army recently provided warnings about several North Korean hacking groups, including Andariel Group, Bluenoroff Group, Lazarus Group, and Electronic Warfare Jamming Regiment targeting banks in Belarus, China, India, Malaysia, and Russia.
  • North Korean hackers have been adopting new tactics, like focusing on Magecart attacks, creating new tools and frameworks like VHD ransomware, BLINDINGCAN and MATA Framework.

Security recommendations

In a joint advisory, U.S. federal government authorities have recommended financial institutions to verify their compliance with industry security standards for critical systems. Moreover, institutions with retail payment systems are recommended to follow cryptogram validation, implement data encryption in transit, and monitoring of anomalous behavior. Organizations with ATM or point-of-sale (PoS) devices have been advised to validate issuer responses to financial request messages.