The scheme, referred to by the US Government as “FASTCash”, is part of a malicious cyber activity conducted by the North Korean government called HIDDEN COBRA. The schemes remotely compromise payment switch application servers within banks to facilitate fraudulent transactions.
Since at least late 2016, HIDDEN COBRA actors have used FASTCash tactics to target banks in Africa and Asia. At the time of the announcement, October 2nd, the US Government has not confirmed any FASTCash incidents affecting institutions within the United States. Nevertheless, HIDDEN COBRA actors will continue to use FASTCash tactics to target retail payment systems vulnerable to remote exploitation.
According to a trusted partner’s estimation, HIDDEN COBRA actors have stolen tens of millions of dollars. In one incident in 2017, these enabled cash to be simultaneously withdrawn from ATMs located in over 30 different countries. In another incident in 2018, the criminals enabled cash to be simultaneously withdrawn from ATMs in 23 different countries.
HIDDEN COBRA actors target the retail payment system infrastructure within banks to enable fraudulent ATM cash withdrawals across national borders. These fraudsters have configured and deployed legitimate scripts on compromised switch application servers in order to intercept and reply to financial request messages with fraudulent but legitimate-looking affirmative response messages.
Source US-CERT
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now