Four federal agencies say that a hacking team from the North Korean government has attempted to steal nearly $2 billion from ATMs in more than three dozen countries, from Argentina to Zambia.
They said there has been a resurgence in hacking efforts by the North Korean regime this year after a lull.
“Since February, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cashouts,” according to the warning issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of the Treasury, the Federal Bureau of Investigation (FBI) and the U.S. Cyber Command. “Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions."
To distinguish North Korea’s malicious cyberactivity from other global enterprises, the agencies refer to it as the “BeagleBoyz.” The unit, which is within the North Korean government’s Reconnaissance General Bureau (the country’s version of the Central Intelligence Agency), has likely been active since 2014.
BeagleBoyz overlaps other alleged cybercrime groups tracked by the cybersecurity teams, including Lazarus, Advanced Persistent Threat 38, Bluenoroff and Stardust Chollima.
In 2018, a bank in Africa could not provide ATM or point-of-sale services to its customers for nearly two months following an attempted fast cash incident. Also that year, the BeagleBoyz remotely installed malware against a bank in Chile, resulting in the crash of thousands of computers and servers.
BeagleBoyz has also been known to install destructive anti-forensic tools onto computer networks of victim institutions.
Fraudulent ATM payouts have affected upwards of 30 countries in a single incident. The conspirators have stolen cash from ATM machines operated by various unknowing banks in multiple countries.
“As opposed to typical cybercrime, the group likely conducts well-planned, disciplined and methodical cyber operations more akin to careful espionage activities,” the agencies said. “Their malicious cyber operations have netted hundreds of millions of U.S. dollars and are likely a major source of funding for the North Korean regime.”
U.S. officials said they fear North Korea can use the illicit cash for prohibited nuclear weapons and ballistic missile programs. “Additionally, this activity poses a significant operational risk to the financial services sector and erodes the integrity of the financial system,” the agencies added.