The BeagleBoyz, also known as threat activity group 71 (TAG-71), is a significant cybersecurity threat actor with strong ties to the North Korean state-sponsored APT38. This group, recognized under various aliases such as Bluenoroff and Stardust Chollima, has been involved in extensive cyber operations primarily targeting financial institutions. The group's modus operandi involves gaining initial access into targeted networks using techniques like spearphishing and watering holes. Once inside, they deploy a variety of reconnaissance tools or use commonly available administrative tools for malicious purposes to learn about the network topology and discover key systems.
The BeagleBoyz have demonstrated an advanced understanding of banking systems and processes, which they exploit for monetary gain. They use a variety of techniques to run their code on both local and remote victim systems. Their signature tool, the FASTCash malware, is used to manipulate transactions processed by a payment switch application. Depending on the operating system of the server hosting the bank's payment switch application, they deploy functionally equivalent versions of FASTCash for UNIX or Windows. The group manipulates business and operational processes by intercepting financial request messages and replying with fraudulent but legitimate-looking affirmative response messages in the ISO 8583 format, so that withdrawals are approved without the issuing bank ever making an authorization decision.
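The ISO 8583 manipulation described above lends itself to a reconciliation check: because a FASTCash-style implant answers on the switch host itself, an approval the switch emits will have no matching authorization decision on the issuer side, or will contradict the decision the issuer actually made. The following Python script is an added example, not code from this page or from any bank's systems. The pipe-delimited log layout, the two log sources and every sample record are constructed for illustration; only the ISO 8583 conventions it relies on (MTI 0200 for a financial request and 0210 for its response, DE11 as the system trace audit number, DE37 as the retrieval reference number, DE39 as the response code with "00" meaning approved) are standard.

```python
"""Reconcile payment-switch responses against issuer-host authorization decisions.

Detection idea: every approved 0210 response leaving the switch must correspond
to an issuer/core-banking decision of "00" for the same retrieval reference
number (DE37). Approvals with no issuer record, or that contradict a decline,
are exactly what an implant answering on the switch would produce.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample switch log (not real bank data). Simplified fields:
# MTI | DE11 STAN | DE37 RRN | PAN last 4 | DE4 amount (minor units) | DE39 response
SWITCH_LOG = """\
0200|000101|000000000101|1234|000000050000|
0210|000101|000000000101|1234|000000050000|00
0200|000102|000000000102|9999|000000900000|
0210|000102|000000000102|9999|000000900000|00
0200|000103|000000000103|5555|000000010000|
0210|000103|000000000103|5555|000000010000|51
0200|000104|000000000104|7777|000000750000|
0210|000104|000000000104|7777|000000750000|00
"""

# Constructed sample issuer-host log: DE37 RRN | issuer's DE39 decision.
# RRN ...102 never reached the issuer; RRN ...104 was declined (51 = insufficient funds).
ISSUER_LOG = """\
000000000101|00
000000000103|51
000000000104|51
"""


@dataclass(frozen=True)
class Finding:
    rrn: str
    stan: str
    pan_last4: str
    amount_minor: int
    switch_response: str
    issuer_response: str  # "" when the issuer has no record of the transaction
    reason: str


def parse_switch_responses(log: str) -> List[dict]:
    """Return only the 0210 financial responses from the switch log."""
    rows = []
    for line in log.splitlines():
        if not line.strip():
            continue
        mti, stan, rrn, pan4, amount, resp = line.split("|")
        if mti == "0210":
            rows.append({"stan": stan, "rrn": rrn, "pan4": pan4,
                         "amount": int(amount), "resp": resp})
    return rows


def parse_issuer_decisions(log: str) -> Dict[str, str]:
    """Map RRN -> issuer response code from the issuer-host log."""
    decisions: Dict[str, str] = {}
    for line in log.splitlines():
        if line.strip():
            rrn, resp = line.split("|")
            decisions[rrn] = resp
    return decisions


def find_unauthorized_approvals(switch_log: str, issuer_log: str) -> List[Finding]:
    """Flag switch approvals that the issuer never made or explicitly declined."""
    issuer = parse_issuer_decisions(issuer_log)
    findings: List[Finding] = []
    for r in parse_switch_responses(switch_log):
        if r["resp"] != "00":
            continue  # only approvals move money; declines are not the concern here
        issuer_resp = issuer.get(r["rrn"], "")
        if issuer_resp == "00":
            continue  # switch and issuer agree: legitimate approval
        reason = ("approval with no issuer authorization record" if issuer_resp == ""
                  else f"approval although issuer responded {issuer_resp}")
        findings.append(Finding(r["rrn"], r["stan"], r["pan4"], r["amount"],
                                r["resp"], issuer_resp, reason))
    return findings


if __name__ == "__main__":
    for f in find_unauthorized_approvals(SWITCH_LOG, ISSUER_LOG):
        print(f"ALERT rrn={f.rrn} stan={f.stan} pan=****{f.pan_last4} "
              f"amount={f.amount_minor} {f.reason}")
```

On the constructed data this reports two transactions: RRN 000000000102, approved by the switch although the issuer has no record of it, and RRN 000000000104, approved by the switch although the issuer declined it. In a real deployment the two inputs would be the switch's transaction log and the core-banking authorization log pulled from separate hosts, which is the point of the check: an implant on the switch can forge the switch's own output but not the issuer's independent record.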
The activities of the BeagleBoyz pose severe operational risks for financial firms, extending beyond reputational harm to financial loss from theft and the cost of recovery. The group's ability to modify publicly available source code to write parts of their tools indicates a high level of sophistication. They have also demonstrated the capability to adapt their techniques to the attributes of the environment they encounter during exploitation. The cybersecurity community and the financial services sector have released substantial information about the BeagleBoyz's manipulation of compromised SWIFT terminals, revealing their ability to monitor these systems, send fraudulent messages, and attempt to hide their fraudulent activity from detection.
Description last updated: 2024-05-04T19:44:59.035Z