The DHS, FBI, and Treasury have discovered a 'malware and other indicators of compromise (IOCs)' that the North Korean government used for an ATM cash-out scheme. They have named the project HIDDEN COBRA and refer to the attack as 'FASTCash'. Attackers remain in the victim's network to enable the exploitation. If users or administrators detect malware activity tied to FASTCash, they should report it immediately to DHS National Cybersecurity and Communications Integration Center (NCCIC) or the FBI Cyber Watch (CyWatch).

Relevant URL(s): https://www.us-cert.gov/ncas/alerts/TA18-275A