Federal authorities are issuing an alert about an automated teller machine (ATM) cash-out scheme by North Korean government cyber actors.
This scheme is referred to as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks.” The alert – issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI), and U.S. Cyber Command (USCYBERCOM) – said these North Korean actors are using malware to try to gain unauthorized access to victim networks, ATMs or point of sale systems.
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” Bryan Ware, assistant Director of Cybersecurity at CISA, said. “CISA and our interagency partners work closely with industry to provide actionable, specific, and timely cyber threat information, like today’s alert. Our aim is to disrupt and defeat malicious cyber campaigns and help government and industry partners prioritize resources to highest risk to stay one step ahead of adversaries.”
This alert adds to a large and still growing list of malicious cyber activity by North Korean state actors. Organizations, specifically those in the financial services sector, should give this activity the highest priority for assessing their networks and implementing appropriate mitigation.
“At the FBI, our mission is to impose risk and consequences on cyber adversaries through our unique blend of authorities, capabilities, and enduring partnerships,” Matt Gorham, assistant director Cyber Division at the FBI, said. “The partnership piece is key. We believe cyber is the ultimate team sport and we have great partners at CISA, Treasury, and U.S. Cyber Command. As we work together across the U.S. Government, we constantly look for opportunities to mitigate our cyber adversaries’ ability to do us harm, just as we are doing today with the release of this advisory.”