FireEye: FastCash2.0: North Korea's BeagleBoyz Robbing Banks
United Arab Emirates, August 27, 2020: CISA, Treasury, FBI, and USCYBERCOM identified malware and indicators of compromise (IOCs) used by the North Korean government in an ATM cash-out scheme, referred to by the U.S. Government as “FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks.” According to the alert, North Korea’s widespread international bank robbery scheme that exploits critical banking systems may erode confidence in those systems and presents risks to financial institutions across the world.
BeagleBoyz have attempted to steal nearly $2 billion since at least 2015, according to public estimates. Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions.
Please find below the statement from Fred Plan, Senior Analyst, Mandiant Threat Intelligence, FireEye:
Mandiant Threat Intelligence tracks multiple groups conducting financially-motivated operations on behalf of the North Korean regime, most likely as part of a larger effort to develop revenue streams circumventing U.N. sanctions. The “FastCash 2.0” report focuses on the novel targeting of ATMs, overlapping with bank intrusion activities and previously known APT38 activity, although we cannot confirm that the FastCash tactics are specifically attributable to or unique to APT38. The group maintains and develops a robust suite of malware families specifically designed to target the banking industry and its peripheries. We have reported on several of the malware families included in the report, including the malware identified as “CROWDEDFLOUNDER”, which we track as CHEESETRAY, a robust proxy-aware backdoor that can operate in both an active and passive mode which we have observed in APT38 bank intrusion activity. We track the tunneler “ELECTRICFISH” under the moniker FULLHOUSE, which is a command-line TCP tunneling tool that supports basic and NTLM proxy authentication. However, we have only observed the malware identified as “HOPLIGHT”, which we track as HANGMAN, being leveraged by TEMP.Hermit. The tool’s reported use in activity directly targeting banks highlights how financially-motivated North Korean operations share malware code and other development resources with cyber espionage groups sponsored by the regime. - Fred Plan, Senior Analyst, Mandiant Threat Intelligence, FireEye