What happened
A federal grand jury in the District of Nebraska returned a new indictment charging 31 additional individuals for their alleged roles in a transnational “ATM jackpotting” conspiracy that used Ploutus malware to steal cash from bank and credit union ATMs across the United States. The expanded indictment brings the total charged in the ongoing investigation to 87 defendants, with most suspected of affiliation with the Venezuelan Tren de Aragua (TdA) gang and some Colombian nationals. Prosecutors allege the defendants used sophisticated malware to issue unauthorized commands to ATM cash-dispensing modules, forcing the machines to release funds and causing millions of dollars in losses. Charges include conspiracy to commit bank fraud, unauthorized access to protected computers, bank burglary, and related offenses. The U.S. Department of Justice (DOJ) and Joint Task Force Vulcan are leading the coordinated effort.
Who is affected
Financial institutions including banks and credit unions with ATM systems in the United States are directly affected by theft and fraud losses; law enforcement and financial sector risk teams are indirectly affected through investigations and mitigation of malware exploitation.
Why CISOs should care
Malware-driven “jackpotting” attacks on ATM infrastructure demonstrate how threat actors can exploit payment and kiosk systems to cause direct financial loss, undermine trust in financial channels, and expose weaknesses in ATM endpoint security and operational safeguards.
3 practical actions
- Harden ATM endpoint security: Implement multi-layer defense controls on ATM hosts, including application allowlisting, integrity monitoring, and removal of direct local administrative access.
- Monitor for anomalous ATM behavior: Deploy logging and SIEM rules for unexpected cash-dispensing commands and unusual network traffic from ATM management systems.
- Engage in threat intelligence sharing: Coordinate with financial ISACs and law enforcement on emerging ATM malware indicators and campaign patterns.
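
One way to express the "unexpected cash-dispensing commands" rule from the second action is to correlate each dispense event with a host-approved withdrawal on the same ATM. The sketch below is an added example, not code from the DOJ case or any vendor; the event schema, field names, ATM IDs and the 60-second window are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events in a hypothetical schema (not a vendor log format).
# "auth" = withdrawal approved by the bank host; "dispense" = notes left the dispenser.
SAMPLE_EVENTS = [
    {"ts": "2025-01-10T02:14:05", "atm": "ATM-001", "type": "auth", "amount": 200},
    {"ts": "2025-01-10T02:14:09", "atm": "ATM-001", "type": "dispense", "amount": 200},
    {"ts": "2025-01-10T03:40:00", "atm": "ATM-002", "type": "dispense", "amount": 2000},
    {"ts": "2025-01-10T03:40:20", "atm": "ATM-002", "type": "dispense", "amount": 2000},
    {"ts": "2025-01-10T04:00:00", "atm": "ATM-001", "type": "auth", "amount": 100},
    {"ts": "2025-01-10T04:00:04", "atm": "ATM-001", "type": "dispense", "amount": 300},
    {"ts": "2025-01-10T05:00:00", "atm": "ATM-003", "type": "auth", "amount": 60},
    {"ts": "2025-01-10T05:05:00", "atm": "ATM-003", "type": "dispense", "amount": 60},
]

def find_unauthorized_dispenses(events, window_seconds=60):
    """Return alerts for dispenses that no recent, unused authorization explains."""
    window = timedelta(seconds=window_seconds)
    pending = {}  # ATM id -> list of (timestamp, amount) authorizations not yet consumed
    alerts = []
    for ev in sorted(events, key=lambda e: e["ts"]):
        ts = datetime.fromisoformat(ev["ts"])
        auths = pending.setdefault(ev["atm"], [])
        if ev["type"] == "auth":
            auths.append((ts, ev["amount"]))
            continue
        if ev["type"] != "dispense":
            continue
        # Discard authorizations too old to account for this dispense.
        auths[:] = [a for a in auths if ts - a[0] <= window]
        match = next((a for a in auths if a[1] == ev["amount"]), None)
        if match:
            auths.remove(match)  # one authorization covers exactly one dispense
        elif auths:
            alerts.append({**ev, "reason": "amount_mismatch"})
        else:
            alerts.append({**ev, "reason": "no_authorization"})
    return alerts

if __name__ == "__main__":
    for alert in find_unauthorized_dispenses(SAMPLE_EVENTS):
        print(alert["ts"], alert["atm"], alert["amount"], alert["reason"])
```

In a SIEM the same logic is a join between dispenser telemetry and host transaction records; the window should be tuned to the observed authorization-to-dispense latency of the ATM fleet.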
