WASHINGTON—The U.S. government is warning that hackers tied to the North Korean government are trying to rob financial institutions around the world by draining ATMs and initiating fraudulent money transfers as the cash-strapped government seeks more funds.
According to multiple U.S. government agencies, the campaign includes so-called spearphishing attacks and social engineering schemes. The effort has been under way since at least February and represents a resurgence of operations after an apparent lull in bank robberies by North Korea last year, the Federal Bureau of Investigation, Department of Homeland Security, U.S. Treasury Department and U.S. Cyber Command said in a joint statement.
The hackers have also aimed at retail payment infrastructures and interbank payment processors, according to the agency statement.
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” Bryan Ware, assistant director for cybersecurity at the Department of Homeland Security, said in a statement.
The Wall Street Journal quoted U.S. and U.N. officials as saying North Korea’s cyber-thefts are overseen by the nation’s intelligence agency and reap billions of dollars, money that the Kim Jong Un regime uses to preserve its dictatorial grip on power and to fund its vast military and its weapons programs. “That revenue has been critical in offsetting income from other activities lost in the wake of economywide U.N. sanctions,” the Journal said.
‘BeagleBoyz’ Allegedly Behind Effort
The agencies attributed the campaign to a North Korean hacking team the U.S. government has named BeagleBoyz that specializes in robbing banks through remote Internet access, the Journal reported. The group has targeted financial institutions in India, Brazil, Indonesia, Spain, Turkey and several countries throughout Southeast Asia and Africa since 2015, the agencies said.
U.N. investigators told the Journal the complexity of the orchestrated ATM thefts across dozens of countries shows North Korea’s cyber capabilities have become dangerously sophisticated.
The agencies linked the BeagleBoyz group to the theft of $81 million from the Bank of Bangladesh in 2016, part of an attempted $1 billion heist disrupted by the Federal Reserve Bank of New York.
U.S. security officials say withdrawals like that require North Korea’s agents to join with local and international criminal organizations that get a cut of the booty for stationing people at the ATMs, the Journal said.
Attacks in Africa, Chile
“ATM and retail point of sale services for an unidentified bank in Africa were down for two months in 2018 after an attempted theft,” the Journal reported. “A bank in Chile was hit with a type of file-destroying malware that crashed thousands of computers and distracted from efforts by the hackers to send fraudulent financial transaction statements via the bank’s compromised SWIFT terminal, which is used by banks to securely send and receive money with each other.”
According to the alert, BeagleBoyz is part of a broader umbrella of North Korean hacking activity known as Hidden Cobra and overlaps with another entity known as Lazarus, which industry and government analysts say was responsible for the 2018 campaign against Cosmos Bank.
