Hackers use hidden Raspberry Pi and custom malware to attack bank ATMs

What just happened? A recently uncovered attempted bank heist illustrates the growing sophistication and audacity of cybercriminal operations targeting financial institutions. The incident involved a combination of physical intrusion, advanced malware, and anti-forensic measures to allow fraudulent ATM withdrawals from a targeted bank's network.

In a striking example of how the combination of physical compromise, network manipulation, and technical subterfuge is reshaping the threat landscape for banks and other critical infrastructure providers. This incident also highlights the importance of comprehensive security protocols that address both digital and physical attack vectors.

The investigation began when Group-IB observed unusual activity on a bank's internal monitoring server. Further analysis led to the discovery of a Raspberry Pi physically connected to the bank's ATM network switch.

Equipped with a 4G cellular modem, this device provided a bridge between the bank's internal systems and external attackers, bypassing conventional network perimeter defenses ...