The North Korean government is stealing tens of millions of dollars by hacking into banks and forcing ATMs to dispense cash to mules.
An investigation by cyber security firm Symantec has now uncovered the key component used in the financial attacks, which were first announced in a US alert in October.
Federal agencies are referring to the campaign as "FASTCash" and reported that in a single incident in 2017, hackers enabled cash to be simultaneously withdrawn from ATMs across more than 30 countries.
In another FASTCash incident this year, cash was simultaneously withdrawn from ATMs in 23 different countries – primarily believed to be based in Africa and Asia.
Another cyber security company, FireEye, said in October that the North Koreans have an elaborate network to launder money and are actively targeting banks across the world.
Symantec has identified how the hackers deploy malware once inside targeted banks' computer networks to make the ATMs dispense money by sending fraudulent approval messages when the attackers request to withdraw cash.
Sanctions against the isolated nation may also be driving an escalation in attempted cyber heists, senior intelligence analysts at FireEye said.
The firm was retained by the FBI to do malware analysis during the investigation into the North Korean government hacker Park Jin Hyok and has been following the activities of the cyber crime outfit known as the Lazarus Group for a number of years.
The pace of financially motivated hacking activity from Pyongyang "probably reflects increasingly desperate efforts to steal funds to pursue state interests", the company said.
North Korea has historically manufactured drugs and counterfeit currency and engaged in smuggling to keep its economy afloat, and cyber security firms consider the hacking a similar form of activity.
As the regime's intelligence apparatus is familiar with money laundering networks in South East Asia, financial institutions there are among the first targeted.
North Korea's government is currently the only regime prepared to put considerable resources into cyber operations that will supplement its national budget.