North Korean hackers have resumed robbing banks across the globe by draining cash from ATMs on fraudulent money transfers, multiple US federal agencies warned Wednesday.
A technical alert on the hacker group BeagleBoyz, jointly written by four different agencies including the Treasury Department and FBI, said North Korea resumed the bank heist campaign in February, ending a hiatus in activity from late last year.
North Korea is believed to be funding its nuclear and missile programs with the hacking campaign, titled “Fast Cash” by US law enforcement. They say that Pyongyang’s Reconnaissance General Bureau spy agency is behind the global financial fraud.
The hacker group is suspected of having attempted to steal $2 billion since 2015.
“North Korean government cyber actors have netted hundreds of millions of US dollars and are likely a major source of funding for the North Korean regime,” a spokesperson for the US Cyber Command told Voice of America.
US authorities added the operation is growing in sophistication and volume.
“North Korean cyber actors have demonstrated an imaginative knack for adjusting their tactics to exploit the financial sector as well as any other sector through illicit cyber operations,” Bryan Ware, a senior cybersecurity official at the US Homeland Security Department, said in a statement.
Also on Tuesday, Microsoft asked a US court for a default judgement on a case against the hacking group “Thallium” for stealing sensitive information, as the group had not responded to the summons for trial
In December, Microsoft sued the group, believed to be operating from North Korea, over allegations it used malware to steal data involving government employees, think tanks, university staff members and individuals working on nuclear issues.
Lawyers representing Microsoft said they were unable to identify the perpetrators due to aliases and stolen identities, but summons had been delivered to two individuals strongly suspected to be linked to the criminal activity.
The hacking group used more than a dozen web domains based in six countries to target victims in the US, as well as South Korea and Japan. The victims were tricked into opening emails that appeared credible at first glance, according to Microsoft.
By Choi Si-young (firstname.lastname@example.org