The Cybersecurity and Infrastructure Security Agency (CISA) and three other agencies have released a joint alert about the FASTCash bank robbery campaign carried out by a group of North Korean government-linked cyber threat actors called BeagleBoyz.
The group has initiated cyber-enabled ATM cash outs and fraudulent money transfers in several countries through its FASTCash scheme, CISA said Wednesday. CISA issued the alert with the FBI, Department of the Treasury and U.S. Cyber Command.
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” said Bryan Ware, assistant director of cybersecurity at CISA.
“CISA and our interagency partners work closely with industry to provide actionable, specific and timely cyber threat information, like today’s alert. Our aim is to disrupt and defeat malicious cyber campaigns and help government and industry partners prioritize resources to highest risk to stay one-step ahead of adversaries,” Ware added.
The alert said North Korea through the group BeagleBoyz has resumed its bank robbery scheme since February targeting financial institutions in several countries, including Argentina, Brazil, Japan, South Korea and Turkey.
BeagleBoyz threat actors have used spearphishing, watering holes and other tools and techniques to compromise financial institutions and the joint alert listed some of the publicly available malicious files the group has used to conduct job application-themed phishing attacks.
The alert also provided information on how the cyber threat group executes its scheme, uses persistence mechanism and credentials and avoids detection.