Money Heist: North Korea’s Beagleboyz behind Airtel & MTN Mobile money loss hysteria


Whisper Eye Reports

Ugandan financial institutions were targeted by a notorious North Korean team known as the BeagleBoyz, who walked away with billions without even setting foot in Uganda.

Since February 2020, North Korea has resumed targeting banks in multiple countries to initiate fraudulent international money transfers and ATM cash-outs. The recent resurgence follows a lull in bank targeting since late 2019, notes a warning by the Cybersecurity & Infrastructure Security Agency.

Uganda's leading telecoms, MTN and Airtel, noted in a joint press statement to the public an unexplained incident which disabled bank-to-mobile-money transactions.

The statement said that on Saturday 3rd October 2020 a third-party service provider experienced a system incident.

They jointly suspended mobile money services immediately.

This kind of behaviour had started on Wednesday last week. Whisper Eye was able to speak to one Ugandan (name withheld) who was frustrated while trying to send money to her workers from the UK through Centenary Bank.

“Centenary Bank is down for instant transfers right now. Your card wasn’t charged. We’ll text you when it’s back up!” a statement from her Sendwave read right away.

The affected Ugandan banks and telecoms said the system incident has had no impact on any customer balances; however, reports indicate billions were lost when highly advanced fraudsters freely hacked the systems.

Express news reports that US authorities warned the global community over an uptick in invisible bank heists carried out by North Korean hacking agents.

Just 20 months ago the BeagleBoyz managed to get away with £9million from cash points around the world. Many of those involved would never have known where the money would end up, with some people employed by legitimate-appearing businesses and employers to drain cash machines of money.

The BeagleBoyz, an element of the North Korean government’s Reconnaissance General Bureau, have likely been active since at least 2014. As opposed to typical cybercrime, the group likely conducts well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities.

Their malicious cyber operations have netted hundreds of millions of U.S. dollars and are likely a major source of funding for the North Korean regime. The group has always used a calculated approach, which allows them to sharpen their tactics, techniques, and procedures while evading detection.

Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security.

The BeagleBoyz overlap to varying degrees with groups tracked by the cybersecurity industry as: APT38 (FireEye), Bluenoroff (Kaspersky), Lazarus Group (ESTSecurity), and Stardust Chollima (CrowdStrike).

The BeagleBoyz likely have targeted financial institutions in the following nations from 2015 through 2020: Argentina, Brazil, Bangladesh, Bosnia and Herzegovina, Bulgaria, Chile, Costa Rica, Ecuador, Ghana, India, Indonesia, Japan, Jordan, Kenya, Kuwait, Malaysia, Malta, Mexico, Mozambique, Nepal, Nicaragua, Nigeria, Pakistan, Panama, Peru, Philippines, Singapore, South Africa, South Korea, Spain, Taiwan, Tanzania, Togo, Turkey, Uganda, Uruguay, Vietnam, Zambia (figure 1).

The BeagleBoyz are not alone in their cyber endeavours.

They are regularly supplemented and work with other hacking groups under Kim’s control, including a major team known as Lazarus.

On top of the money stolen solely for its weapons programme, North Korean hacking groups are thought to be engaged in a near-continuous campaign of global cybercrime, an activity carried out by actors ranging from rogue states to criminal gangs and estimated to be worth some £1.2trn a year.

Additional reporting by the Cybersecurity & Infrastructure Security Agency.