Associated with: Lazarus
First seen: 2017-06
Last seen: 2021-03
#FASTCash • 2018-10
FASTCash was a DPRK-attributed banking campaign in which HIDDEN COBRA/Lazarus-linked operators compromised payment-switch infrastructure to authorize fraudulent ATM withdrawals by manipulating ISO 8583 transaction responses. Reports describe AIX and, later, Linux and Windows payment-switch malware injected into switch processes, the use of stolen credentials and lateral movement inside bank networks, and activity affecting banks in Africa, Asia, and other countries from at least 2016 through later variants.
Related Reports: 7
Affected Countries: 1
Months Since: 92