International Criminal Group responsible for ATM Malware attacks taken down

The Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), assisted by Europol and Eurojust as well as a number of European Law Enforcement authorities, disrupted an international criminal group responsible for ATM malware attacks.

This operation, one of the first in Europe against this kind of threat, resulted in multiple house searches in Romania and the Republic of Moldova and the final arrest of 8 individuals. The criminals used Tyupkin ATM malware which allowed the attackers to manipulate ATMs across Europe and illegally empty ATM cash cassettes.

The criminal group, composed of Romanian and Moldovan nationals, was involved in large scale ATM “Jackpotting”, causing substantial losses across Europe to the ATM industry.  ATM “Jackpotting” refers to the use of a Trojan horse, physically launched via an executable file in order to target an ATM, thus allowing the attackers to empty the ATM cash cassettes via direct manipulation, using the ATM PIN pad to submit commands to the Trojan.

The criminal group, composed of Romanian and Moldovan nationals, was involved in large scale ATM “Jackpotting”, causing substantial losses across Europe to the ATM industry.  ATM “Jackpotting” refers to the use of a Trojan horse, physically launched via an executable file in order to target an ATM, thus allowing the attackers to empty the ATM cash cassettes via direct manipulation, using the ATM PIN pad to submit commands to the Trojan.

Europol’s European Cybercrime Centre (EC3) supported police forces across Europe in their efforts to identify the suspects by hosting a number of international operational meetings and analysing intelligence. This joint international effort follows on a previous successful action against the threat posed by this type of malware.  For more information visit the EC3 Website.

EC3 recognises the severity of the threat presented by ATM logical and malware attacks and has prepared security guidelines regarding this new cyber threat to ATMs. The production of this document was coordinated by EAST, and is the first of its kind.

The guidance and recommendations regarding logical attacks on ATMs, which also covers malware attacks, is an excellent example of a coordinated central response from both Law Enforcement and the industry to fighting ATM malware threats in an effort to respond much more quickly and effectively.

These guidelines are available to Law Enforcement through Europol channels and to EAST Members (National and Associate).