• The hackers, known as the BeagleBoyz, used malware known as FASTCash to empty ATMs
  • The BeagleBoyz are controlled by North Korean intelligence and part of a group known as Hidden Cobra
  • They have tried to steal $2 billion since 2015, including $1 billion from the New York Fed

U.S. investigators said Wednesday hackers tied to the North Korean government are funding the government’s nuclear weapons program by draining ATMs and making fraudulent money transfers. The hackers have attempted to steal $2 billion since 2015.

The investigation by the FBI, Homeland Security, Treasury and U.S. Cyber Command found the campaign includes spearphishing, was aimed at the retail payment infrastructure known as SWIFT and involved “lucrative cryptocurrency thefts.”

“North Korea's intelligence apparatus controls a hacking team dedicated to robbing banks through remote internet access,” a joint statement by the agencies said. The hackers are referred to as the BeagleBoyz, which likely have been around since 2014 and are part of a larger group known as Hidden Cobra. Some of their activities have been contracted out to known criminal groups.

Bryan Ware, assistant director for cybersecurity at the Department of Homeland Security, called the hackers’ approach “imaginative” for the ability to alter tactics to evade detection.

In 2018, the BeagleBoys used wiper malware to crash thousands of computers and servers to provide cover for an attack against a bank in Chile and took down Africa’s ATM network for two months as a result of its theft efforts. The hackers also attacked financial institutions in Brazil, India, Indonesia, Spain, Turkey and throughout Southeast Asia. It was blamed for an $81 million theft from the Bank of Bangladesh as part of an attempted $1 billion theft from the Federal Reserve Bank of New York.

“The BeagleBoyz initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors. This suggests the BeagleBoyz are exploring upstream opportunities in the payments ecosystem,” the statement said.

The campaign “presents risks to financial institutions across the world,” the statement said.

“Any BeagleBoyz robbery directed at one bank implicates many other financial services firms in both the theft and the flow of illicit funds back to North Korea. BeagleBoyz activity fits a known North Korean pattern of abusing the international financial system for profit,” the statement said, adding 30 countries could be implicated in a single incident.