The BeagleBoyz, an element of the North Korean government’s Reconnaissance General Bureau, have likely been active since at least 2014.
As opposed to typical cybercrime, the group conducts well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities. Their malicious cyber operations have netted hundreds of millions of U.S. dollars and are likely a major source of funding for the North Korean regime. The group has always used a calculated approach, which allows them to sharpen their tactics, techniques, and procedures while evading detection. Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.
Since February 2020, following a lull that began in late 2019, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash outs. This advisory document provides an overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.