Security & Fraud

Cybersecurity Agencies Warn Banks Of North Korean Hackers

US Agencies Warn Of North Korean Hackers

Four federal agencies say that a hacking team from the North Korean government has attempted to steal nearly $2 billion from ATMs in more than three dozen countries, from Argentina to Zambia.

They said there has been a resurgence in hacking efforts by the North Korean regime this year after a lull.

“Since February, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cashouts,” according to the warning issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Department of the Treasury, the Federal Bureau of Investigation (FBI) and the U.S. Cyber Command. “Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions."

To distinguish North Korea’s malicious cyberactivity from other global enterprises, the agencies refer to it as the “BeagleBoyz.” The unit, which is within the North Korean government’s Reconnaissance General Bureau (the country’s version of the Central Intelligence Agency), has likely been active since 2014.

BeagleBoyz overlaps other alleged cybercrime groups tracked by the cybersecurity teams, including Lazarus, Advanced Persistent Threat 38, Bluenoroff and Stardust Chollima.

In 2018, a bank in Africa could not provide ATM or point-of-sale services to its customers for nearly two months following an attempted fast cash incident. Also that year, the BeagleBoyz remotely installed malware against a bank in Chile, resulting in the crash of thousands of computers and servers. 

BeagleBoyz has also been known to install destructive anti-forensic tools onto computer networks of victim institutions.

Fraudulent ATM payouts have affected upwards of 30 countries in a single incident. The conspirators have stolen cash from ATM machines operated by various unknowing banks in multiple countries.

“As opposed to typical cybercrime, the group likely conducts well-planned, disciplined and methodical cyber operations more akin to careful espionage activities,” the agencies said. “Their malicious cyber operations have netted hundreds of millions of U.S. dollars and are likely a major source of funding for the North Korean regime.”

U.S. officials said they fear North Korea can use the illicit cash for prohibited nuclear weapons and ballistic missile programs. “Additionally, this activity poses a significant operational risk to the financial services sector and erodes the integrity of the financial system,” the agencies added.

——————————

NEW PYMNTS DATA: HOW WE SHOP – SEPTEMBER 2020 

The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.

TRENDING RIGHT NOW