Several United States government agencies issued an alert on Friday to financial institutions about a North Korea-backed hacking group known as the BeagleBoyz.
In a joint statement, the Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency (CISA), Department of the Treasury, and the U.S. Cyber Command (USCYBERCOM) said the hackers steal money through fraudulent bank transfers and ATM cashouts throughout several countries, including the United States.
"Since February 2020, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cashouts," the agencies said in the release. "The recent resurgence follows a lull in bank targeting since late 2019. This advisory provides an overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector."
Active since 2014, the group stole $81 million from the Bank of Bangladesh in 2016, and were responsible for the FastCash ATM attacks in 2018, the agencies said.
The group has attempted to steal nearly $2 billion since at least 2015, the alert said.
"Any BeagleBoyz robbery directed at one bank implicates many other financial services firms in both the theft and the flow of illicit funds back to North Korea," the alert stated.
According to the warning, the hackers have also targeted financial institutions in Argentina, Chile, India, Japan, Mexico, South Korea, and Spain.