Everyday is lazarus.dayβ


2020-08-26, USCISA
FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
"The BeagleBoyz, an element of the North Korean government’s Reconnaissance General Bureau, have likely been active since at least 2014. As opposed to typical cybercrime, the group likely conducts well-planned, disciplined, and methodical cyber operations more akin to careful espionage activities. Their malicious cyber operations have netted hundreds of millions of U.S. dollars and are likely a major source of funding for the North Korean regime. The group has always used a calculated approach, which allows them to sharpen their tactics, techniques, and procedures while evading detection. Over time, their operations have become increasingly complex and destructive. The tools and implants employed by this group are consistently complex and demonstrate a strong focus on effectiveness and operational security."


Also known as

Name Named by AKA First seen Last seen
APT38 Mandiant BlueNoroff 2018-10-03 2023-10-10
BeagleBoyz USCISA BlueNoroff 2020-08-26 2020-08-26
BlackDev2 PWC BlueNoroff 2021-09-08 2023-04-12
BlueNoroff Kaspersky - 2017-04-03 2024-01-04
CryptoCore Clearskysec BlueNoroff 2020-06-24 2021-05-24
NickelGladstone SecureWorks BlueNoroff - -
REF9135 Elastic BlueNoroff 2023-06-29 2023-06-29
RedCarpet KRCERT BlueNoroff - -
StardustChollima CrowdStrike BlueNoroff 2018-02-26 2019-02-19
T-APT-15 Tencent BlueNoroff 2018-03-07 2018-03-07
TAG-71 Recordedfuture BlueNoroff 2023-06-06 2024-01-10
TEMP.Hermit Fireeye BlueNoroff 2017-09-13 2023-10-10
TraderTraitor USCISA BlueNoroff 2022-04-18 2023-08-22