A joint advisory from the Cybersecurity and Infrastructure Security Agency, the Department of the Treasury, the Federal Bureau of Investigation and U.S. Cyber Command has been sent to U.S. financial institutions, warning of the return of a North Korean governmental operation known as “FastCash 2.0,” according to a report in NK News. The operation uses phishing emails to deliver malware that causes ATM withdrawals to produce a constant flow of physical cash until the machine is empty.
These hacks have been occurring at coordinated times in North America, East Asia and Africa, and often use local gangs to pick up the physical cash. The FastCash 2.0 operation hacks targeted ATMs that use Windows servers, not just AIX servers, as well as interbank automated payment processors that approve or deny transactions between banks.
The North Korean hackers are known to U.S. agencies by the name BeagleBoyz and have been linked to cybercrime since 2014. The group conducts well-planned, methodical cyber operations that have netted hundreds of millions of U.S. and international dollars. According to the advisory, the group uses a calculated approach, which has helped it evade detection. “The group maintains and develops a robust suite of malware families specifically designed to target the banking industry and its peripheries,” Fred Plan, a senior analyst at Mandiant Threat Intelligence, said in the report.