BeagleBoyz

Threat Actor updated 4 months ago (2024-05-04T20:26:24.144Z)
The BeagleBoyz, also known as threat activity group 71 (TAG-71), is a significant cybersecurity threat actor with strong ties to the North Korean state-sponsored APT38. The group, recognized under aliases such as Bluenoroff and Stardust Chollima, has conducted extensive cyber operations primarily targeting financial institutions.

The group's modus operandi begins with gaining initial access to targeted networks through techniques such as spearphishing and watering holes. Once inside, they deploy a variety of reconnaissance tools, or turn commonly available administrative tools to malicious use, to learn the network topology and discover key systems. The BeagleBoyz have demonstrated an advanced understanding of banking systems and processes, which they exploit for monetary gain, and they use a variety of techniques to run their code on both local and remote victim systems.

Their signature tool, the FASTCash malware, is used to manipulate transactions processed by a bank's payment switch application. Depending on the operating system of the server hosting the switch application, they deploy functionally equivalent versions of FASTCash for UNIX and for Windows. The group manipulates business and operational processes by intercepting financial request messages and replying with fraudulent but legitimate-looking affirmative response messages in the ISO 8583 format.

The activities of the BeagleBoyz pose severe operational risks for financial firms, extending beyond reputational harm to financial loss from theft and recovery costs. The group's ability to modify publicly available source code to write parts of its tools suggests a high level of sophistication, and it has also demonstrated the capability to adapt its techniques to the attributes of the environment it encounters during exploitation.
The cybersecurity community and Financial Services sector have released substantial information about the BeagleBoyz's manipulation of compromised SWIFT terminals, revealing their ability to monitor these systems, send fraudulent messages, and attempt to hide their fraudulent activity from detection.
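The response-injection behaviour described above leaves a measurable gap between what the payment switch logged as approved and what the bank's authorization host actually decided. The following is an added defensive example, written for this page and not code from the original profile, from CISA or from any vendor: it parses a deliberately reduced ISO 8583 subset (MTI, primary bitmap, DE2 PAN, DE4 amount, DE11 STAN, DE39 response code) and reconciles the switch's 0210 responses against an assumed export of the authorization host's decisions. The field layout, the host-log record shape and every transaction record are constructed for the example.

```python
# Added defensive example, not code from the original page, CISA, or any vendor:
# reconcile a payment switch's ISO 8583 responses against the authorization
# host's own decisions. A switch-side approval the host never issued is the
# discrepancy a FASTCash-style injected response leaves behind. The message
# layout is a deliberately reduced ISO 8583 subset; all records are constructed.

# Reduced field table: data element -> (encoding, fixed length). Enough to key a
# transaction (PAN + STAN) and read its amount and response code.
FIELD_SPEC = {
    2: ("llvar", None),  # Primary Account Number, 2-digit length prefix
    4: ("fixed", 12),    # amount in minor units
    11: ("fixed", 6),    # Systems Trace Audit Number (STAN)
    39: ("fixed", 2),    # response code, "00" = approved
}


def build_iso8583(mti: str, fields: dict) -> str:
    """Serialize MTI + 64-bit primary bitmap + fields (used to build samples)."""
    bitmap, body = 0, []
    for bit in sorted(fields):
        kind, length = FIELD_SPEC[bit]
        value = fields[bit]
        bitmap |= 1 << (64 - bit)  # bit 1 is the most significant bit
        if kind == "llvar":
            body.append(f"{len(value):02d}{value}")
        elif len(value) != length:
            raise ValueError(f"DE{bit} must be {length} chars")
        else:
            body.append(value)
    return f"{mti}{bitmap:016X}{''.join(body)}"


def parse_iso8583(msg: str) -> dict:
    """Parse the reduced format into {'mti': ..., 'fields': {de: value}}."""
    mti, bitmap, pos, fields = msg[0:4], int(msg[4:20], 16), 20, {}
    for bit in range(1, 65):
        if not (bitmap >> (64 - bit)) & 1:
            continue
        if bit == 1:
            raise ValueError("secondary bitmap not supported in this subset")
        if bit not in FIELD_SPEC:
            raise ValueError(f"DE{bit} not in the reduced field table")
        kind, length = FIELD_SPEC[bit]
        if kind == "llvar":
            length, pos = int(msg[pos:pos + 2]), pos + 2
        fields[bit] = msg[pos:pos + length]
        pos += length
    if pos != len(msg):
        raise ValueError("trailing data after last declared field")
    return {"mti": mti, "fields": fields}


def mask_pan(pan: str) -> str:
    """Keep BIN and last four so alerts can be triaged without full PANs."""
    return f"{pan[:6]}{'*' * (len(pan) - 10)}{pan[-4:]}"


def reconcile(switch_responses: list, host_decisions: list) -> list:
    """Flag 0210 approvals at the switch that the authorization host did not grant.

    host_decisions: records exported from the authorization host (assumed
    format), each with pan, stan, amount (12-digit minor units), response_code.
    """
    host_index = {(h["pan"], h["stan"]): h for h in host_decisions}
    alerts = []
    for raw in switch_responses:
        msg = parse_iso8583(raw)
        f = msg["fields"]
        if msg["mti"] != "0210" or f.get(39) != "00":
            continue  # only approvals move money; declines need no reconciliation
        host = host_index.get((f[2], f[11]))
        if host is None:
            reason = "approved at switch, never seen by authorization host"
        elif host["response_code"] != "00":
            reason = f"host declined ({host['response_code']}) but switch approved"
        elif host["amount"] != f[4]:
            reason = f"amount mismatch: host {host['amount']} vs switch {f[4]}"
        else:
            continue
        alerts.append({"pan": mask_pan(f[2]), "stan": f[11], "amount": f[4], "reason": reason})
    return alerts


# Constructed sample logs (not real transactions). STAN 000102 never reached the
# host and 000103 was declined there, yet the switch log shows both approved.
SWITCH_RESPONSES = [
    build_iso8583("0210", {2: "4111111111111111", 4: "000000005000", 11: "000101", 39: "00"}),
    build_iso8583("0210", {2: "4111111111111111", 4: "000000100000", 11: "000102", 39: "00"}),
    build_iso8583("0210", {2: "5555444433332222", 4: "000000020000", 11: "000103", 39: "00"}),
    build_iso8583("0210", {2: "5555444433332222", 4: "000000020000", 11: "000104", 39: "51"}),
]
HOST_DECISIONS = [
    {"pan": "4111111111111111", "stan": "000101", "amount": "000000005000", "response_code": "00"},
    {"pan": "5555444433332222", "stan": "000103", "amount": "000000020000", "response_code": "51"},
    {"pan": "5555444433332222", "stan": "000104", "amount": "000000020000", "response_code": "51"},
]


def run_sample() -> list:
    """Reconcile the constructed logs; returns the two expected alerts."""
    return reconcile(SWITCH_RESPONSES, HOST_DECISIONS)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The check keys on PAN plus STAN, which is the pair an authorization host and a switch both retain, so it works on exported logs without needing access to the switch host itself. Because the manipulation happens on the switch, the host's log is the independent record; an alert here means the switch emitted an approval the host cannot account for, which is the signal to pull the switch's process list and library load history.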
Description last updated: 2024-05-04T19:44:59.035Z
Possible Aliases / Cluster overlaps
It is hard to track cluster overlaps and naming conventions between vendors, so here are some possibly overlapping names and profiles you may also want to look at.
ID: APT38 (votes: 2)
Profile description: APT38, also known as TA444, BlueNoroff, BlackAlicanto, Coperenicum, Sapphire Sleet, and Stardust Chollima, is a North Korea-linked advanced persistent threat (APT) group. It has conducted operations in over 16 organizations across at least 11 countries, primarily targeting financial institutions wor
Source Document References
Information about the BeagleBoyz threat actor was read from the documents in the corpus below. This display is limited to 20 results.
Source (created): Title
CERT-EU (a year ago): North Korean-linked APT groups focus on financial gain, intelligence gathering
MITRE (2 years ago): FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks | CISA