North Korean state-sponsored hackers resume massive bank heists

Posted by admin on September 18, 2020 under Tech News | Be the First to Comment

North Korean government-backed adversaries have executed a series of attacks against high-profile international banks, pilfering millions via fraud schemes.

A cybercriminal syndicate from North Korea codenamed BeagleBoyz is busy leveraging offensive remote access tools (RATs) and social engineering to steal funds from major financial institutions around the world. In light of this discovery, a number of U.S. Government agencies are alerting banks to the menace.

In a joint advisory issued on August 26, 2020, officials state that the hacking crew is pulling off bank heists over the Internet to fund the totalitarian regime. The threat actors are zeroing in on banks based in well over 30 countries. These shenanigans are reportedly aimed at draining victims’ accounts of a whopping $2 billion.

The startling details were exposed in the aftermath of an ongoing investigation conducted by the FBI, the U.S. Cyber Command, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury.

According to these findings, North Korean state-funded actors have been initiating illegal international money transfers and ATM cash-outs in multiple countries. For instance, just one of these schemes resulted in fraudulent cash withdrawals from ATMs owned by financial entities in dozens of countries, including the U.S.

As if these swindles weren’t enough, BeagleBoyz has been carrying out SWIFT frauds on a large scale, as was the case with the notorious Bangladesh bank heist of 2016 that entailed roughly $80 million in losses. By the way, the attempted amount was about $1 billion. The silver lining in this incident was that the Federal Reserve Bank of New York halted the remaining transfers due to suspicious payment instructions that came from the Bank of Bangladesh.

The BeagleBoyz hacking group is believed to be a branch of the Reconnaissance General Bureau of the North Korean government. Its operations are tracked back to 2014, resulting in hundreds of millions in losses. It is closely tied with the infamous Lazarus Group and APT38, to name a few. This organized cybercrime entity was behind several heists targeting cryptocurrency trading firms and the 2018 fraudulent ATM cash-outs exploiting the FASTCash platform.