The Cybersecurity Security and Infrastructure Security Agency (CISA), the Department of the Treasury, the Federal Bureau of Investigation, and U.S. Cyber Command have released a joint Technical Alert and three Malware Analysis Reports (MARs) on the North Korean government’s ATM cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to the group behind FASTCash as BeagleBoyz, a subset of HIDDEN COBRA.
CISA encourages users and administrators to review the following resources for more information.
- Joint Technical Alert: FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
- MAR-10301706-1.v1: North Korean Malware: ECCENTRICBANDWAGON
- MAR-10301706-2.v1: North Korean Malware: VIVACIOUSGIFT
- MAR-10257062-1.v2: North Korean Malware: FASTCASH for Windows
- North Korean Malicious Cyber Activity page
This product is provided subject to this Notification and this Privacy & Use policy.