The cybersecurity expert Brian Krebs: The malware has undergone a rebrand. Binary is virtually identical, and employs the same "MZ-as-alternative-entrypoint" trick.
US cyber security experts: North Korea’s BeagleBoyz hackers are targeting banks in over 30 countries in an ongoing cyber-enabled bank robbery scheme, attempting to steal $2 billion
North Korea’s BeagleBoyz hackers are targeting banks in over 30 countries in an ongoing cyber-enabled bank robbery scheme, attempting to steal $2 billion. The operation, dubbed “FASTCash 2.0”, has been denounced by the Cybersecurity and Infrastructure Security Agency (CISA), the Department of the Treasury (Treasury), the Federal Bureau of Investigation (FBI) and U.S. Cyber Command (USCYBERCOM). The threat actors, a subset of HIDDEN COBRA activity, use a variety of tools and techniques to gain access to a financial institution’s network, learn its topology to discover key systems, and monetize their access. Moreover, they may also be working with, or contracting out to, cybercrime groups such as TA505 for initial access development. The third party typically uses commodity malware to establish initial access on a victim’s network and then turns that access over to the BeagleBoyz for follow-on exploitation, which may not occur until months later.