U.S. issues warning on North Korean hackers targeting banks worldwide

Financial Crimes Department of Treasury Fraud Of Interest to Non-US Persons

On August 26, a joint alert was issued by the Cybersecurity and Infrastructure Security Agency (CISA), the U.S. Treasury Department, the FBI, and U.S. Cyber Command warning that since February 2020, North Korean hackers have resumed targeting banks worldwide through the use of fraudulent international money transfers and ATM cash-outs. The alert provides an “overview of North Korea’s extensive, global cyber-enabled bank robbery scheme, a short profile of the group responsible for this activity, in-depth technical analysis, and detection and mitigation recommendations to counter this ongoing threat to the Financial Services sector.” The North Korean hackers, the alert notes, were responsible for stealing $81 million from a Bangladeshi bank in 2016, and have engaged in fraudulent ATM cash-outs affecting upwards of 30 countries in a single incident. According to the alert, the hackers’ “international robbery scheme” poses “severe operational risk” for individual banks beyond reputational harm and financial losses. A robbery directed at one bank may implicate multiple banks “in both the theft and the flow of illicit funds back to North Korea,” the alert warns. The hackers “initially targeted switch applications at individual banks with FASTCash malware but, more recently, have targeted at least two regional interbank payment processors,” the alert states, cautioning that this suggests the hackers “are exploring upstream opportunities in the payments ecosystem.”