CISA, NSA, and the FBI have issued a joint warning against a North Korean hacking group they're calling the BeagleBoyz in an apparent homage to the homophonically named Mickey Mouse comic villains. The BeagleBoyz, the agencies assess, are a subgroup of Pyongyang's Hidden Cobra threat group, which itself overlaps to a large extent with the actors industry tends to call the Lazarus Group. The BeagleBoyz are online bank robbers responsible for the FASTCash ATM looting campaign and other assaults on bank payment systems. Their motive is financial gain for a North Korean regime that labors under the international sanctions appropriate to a rogue state. CISA, NSA, and the Bureau point out that the BeagleBoyz pose risks that go beyond financial loss: reputational damage, the opportunity costs of increased security, and erosion of the confidence on which the international financial system depends.
Proofpoint describes improved deception tactics being practiced by the TA2719 threat actor: better visuals and local languages in phishbait surrounding Nanocore and AsyncRAT remote access Trojan hooks.
WIRED takes a look at the DarkSide ransomware and its operators, whom it sees as "corporate" and "cruel," a distillation of underworld trends toward careful target selection, careful calibration of demands to offer a painful but tempting option to pay, and ruthless reprisal against victims who refuse them.