A covert attack using a Raspberry Pi device targeted ATM infrastructure through physical access, employing advanced anti-forensics techniques and stealthy malware. The incident underscores the need for enhanced monitoring and security measures for banking systems. #UNC2891 #TINYSHELL
Key points
- The attack involved physical access to an ATM network and the use of a Raspberry Pi with a 4G modem for remote intrusion.
- Cybercriminals installed a custom backdoor named TINYSHELL to maintain persistent access via dynamic DNS.
- The malware masked itself as legitimate system processes and used Linux techniques like bind mounts to evade detection.
- The attackers aimed to compromise the ATM switching server to deploy a rootkit for fraudulent withdrawals.
- Experts recommend monitoring system calls, securing physical ports, and capturing memory during incident response.
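As an added defender-side example (not code from the article or the cited report), assuming the bind mounts in question are the kind laid over a process directory under /proc/<pid> so that tools listing /proc no longer see the process: it parses mountinfo(5) lines from a constructed sample and flags any mount whose mount point sits inside a process directory.

```python
import re

# Constructed sample in /proc/self/mountinfo format (not from the article); the last
# two lines model bind mounts placed over process directories to mask PIDs.
SAMPLE_MOUNTINFO = """\
22 28 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
28 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
45 22 0:20 /1234 /proc/4321 rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
46 28 8:1 /var/tmp/.x /proc/4322 rw,relatime shared:1 - ext4 /dev/sda1 rw
"""

PID_DIR = re.compile(r"^/proc/(\d+)(?:/|$)")

def parse_mountinfo(text):
    """Parse mountinfo lines; the optional fields (shared:, master:, ...) vary in
    number, so split on the ' - ' separator rather than on fixed positions."""
    entries = []
    for line in text.splitlines():
        left, sep, right = line.partition(" - ")
        if not sep:
            continue  # blank or malformed line
        lf, rf = left.split(), right.split()
        entries.append({
            "root": lf[3],          # subtree of the source fs that is mounted here
            "mount_point": lf[4],   # path in this mount namespace (\040 = space)
            "fstype": rf[0],
            "source": rf[1],
        })
    return entries

def find_proc_overlays(entries):
    """Flag any mount whose mount point lies inside /proc/<pid>. Nothing legitimate
    mounts there, so each hit names a PID whose real /proc view is being replaced
    by another proc subtree or by an ordinary directory."""
    findings = []
    for e in entries:
        m = PID_DIR.match(e["mount_point"])
        if m:
            findings.append({
                "hidden_pid": int(m.group(1)),
                "mount_point": e["mount_point"],
                "overlay": f"{e['fstype']}:{e['source']} subtree {e['root']}",
            })
    return findings

def scan_live(path="/proc/self/mountinfo"):
    """Run the same check on a live Linux host (current mount namespace only)."""
    with open(path) as fh:
        return find_proc_overlays(parse_mountinfo(fh.read()))
```

The check only sees the mount namespace it runs in, so run it from the host namespace and alongside the syscall monitoring the article recommends, since a bind mount only blinds tools that read /proc, not kernel-level telemetry.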
Read More: https://www.infosecurity-magazine.com/news/backdoor-atm-network-raspberry-pi/