Hackers tied to the North Korean government are attacking ATMs globally to fund the cash-strapped country to keep up with its nuclear weapons program, four US federal agencies have warned.
One North Korean hacking team has attempted to steal nearly $2 billion from ATMs in more than three dozen countries.
The hackers are “trying to rob banks across the globe by draining ATMs and initiating fraudulent money transfers”, The Wall Street Journal reported on Wednesday.
The campaign includes so-called spear-phishing attacks “which use fraudulent email to infect a computer or persuade the victim to reveal a password or other information, and social engineering schemes”.
“Since February, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cashouts,” according to the joint alert issued by the Cybersecurity and Infrastructure Security Agency (CISA), Treasury Department, Federal Bureau of Investigation (FBI) and the US Cyber Command.
“Equally concerning, these malicious actors have manipulated and, at times, rendered inoperable, critical computer systems at banks and other financial institutions.”
The agencies issued the joint technical alert about the ongoing ATM cash-out scheme by North Korean government cyber actors – referred to as “FASTCash 2.0: North Korea’s BeagleBoyz Robbing Banks”.
The alert provided important, new details about the resumption of a North Korean cyber-enabled bank robbery scheme targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cashouts.
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” said Bryan Ware, Assistant Director of Cybersecurity, CISA.
Matt Gorham, Assistant Director of the FBI’s Cyber Division, added: “As we work together across the US government, we constantly look for opportunities to mitigate our cyber adversaries’ ability to do us harm, just as we are doing today with the release of this advisory.”
North Korea uses cyber-enabled tactics and techniques to steal currency, which it would otherwise be denied under international sanctions.
“The Cyber National Mission Force is laser-focused on the away game- we understand what our adversaries are doing, and we share this information with our partners to take action against them,” said Brig Gen Joe Hartman, Cyber National Mission Force Commander.