UNC2891 is a threat actor that combines physical access with a 4G-connected Raspberry Pi to reach ATM networks for financial fraud. Its tradecraft includes the TINYSHELL backdoor and the CAKETAP rootkit, used to evade detection and to tamper with ATM transaction authorization. #UNC2891 #CAKETAP
Key points
- The threat actor used a 4G-enabled Raspberry Pi to access ATM networks remotely.
- They obtained physical access to the site and plugged the device into the ATM's network segment, giving them an internal foothold that bypassed perimeter controls entirely.
- The attack involved using the TINYSHELL backdoor for command-and-control communication.
- The backdoor masqueraded as the legitimate "lightdm" display-manager process so that it would blend in with normal Linux processes; the CAKETAP rootkit, previously attributed to this actor, is built to intercept and alter ATM transaction-authorization messages.
- The intrusion was detected and disrupted before fraudulent withdrawals took place, but a cellular-connected implant inside the network remains a live threat to ATM estates.
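As an added illustration (not part of the original summary or of the vendor's report), the following Python check covers the two detection hooks a defender gets from the tradecraft above: a process calling itself lightdm that is not the packaged display manager, and /proc/<pid> directories masked by a bind mount, a generic Linux process-hiding technique that such a disguise is commonly paired with. The legitimate binary paths, the process records and the mountinfo dump are constructed sample data, not observations from this incident.

```python
"""Spot a backdoor masquerading as the Linux 'lightdm' display manager.

Added example: the sample processes and mountinfo below are constructed,
not taken from the UNC2891 case. Run on a Linux host to scan live /proc.
"""
import os
import re
from dataclasses import dataclass, field
from typing import List

# Where distro packages install the real display manager (assumption:
# adjust for the target distribution).
LEGIT_LIGHTDM_EXE = {"/usr/sbin/lightdm", "/usr/bin/lightdm"}


@dataclass
class Proc:
    pid: int
    comm: str                     # contents of /proc/<pid>/comm
    exe: str                      # readlink of /proc/<pid>/exe, "" if unreadable
    ppid: int                     # PPid from /proc/<pid>/status
    remote_tcp: List[str] = field(default_factory=list)  # established peers


def check_masquerade(p: Proc) -> List[str]:
    """Flag a 'lightdm' process that does not look like the real one."""
    findings = []
    if p.comm != "lightdm":
        return findings
    if p.exe not in LEGIT_LIGHTDM_EXE:
        findings.append(f"pid {p.pid}: comm 'lightdm' but exe is "
                        f"{p.exe or '<unreadable>'}")
    if p.ppid != 1:
        # The genuine display manager is a service started by init/systemd.
        findings.append(f"pid {p.pid}: lightdm with parent {p.ppid}, not pid 1")
    if p.remote_tcp:
        # A display manager has no reason to hold outbound connections.
        findings.append(f"pid {p.pid}: lightdm has remote peers {p.remote_tcp}")
    return findings


def find_proc_bind_mounts(mountinfo: str) -> List[str]:
    """Return mount points of the form /proc/<pid> from a mountinfo dump.

    Bind-mounting an empty directory over /proc/<pid> hides that pid from
    ps/top, which read /proc, while the process keeps running.
    """
    hidden = []
    for line in mountinfo.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue
        mount_point = fields[4]  # mountinfo: id parent maj:min root mountpoint ...
        if re.fullmatch(r"/proc/\d+", mount_point):
            hidden.append(mount_point)
    return hidden


def scan(procs: List[Proc], mountinfo: str) -> List[str]:
    """Combine both checks into one list of findings."""
    findings = []
    for p in procs:
        findings.extend(check_masquerade(p))
    for mp in find_proc_bind_mounts(mountinfo):
        findings.append(f"{mp} is covered by a bind mount (hidden process?)")
    return findings


def collect_live_procs() -> List[Proc]:
    """Read comm/exe/ppid for every pid in /proc (Linux only, sockets omitted)."""
    procs = []
    for name in os.listdir("/proc"):
        if not name.isdigit():
            continue
        base = f"/proc/{name}"
        try:
            comm = open(f"{base}/comm").read().strip()
            ppid = 0
            for line in open(f"{base}/status"):
                if line.startswith("PPid:"):
                    ppid = int(line.split()[1])
            try:
                exe = os.readlink(f"{base}/exe")
            except OSError:
                exe = ""
            procs.append(Proc(int(name), comm, exe, ppid))
        except OSError:
            continue  # process exited or is unreadable without root
    return procs


# Constructed sample data: one genuine lightdm, one impostor with a C2 peer
# (203.0.113.10 is a documentation address), plus a bind mount over its pid.
SAMPLE_PROCS = [
    Proc(1, "systemd", "/usr/lib/systemd/systemd", 0),
    Proc(812, "lightdm", "/usr/sbin/lightdm", 1),
    Proc(4120, "lightdm", "/tmp/.X11-unix/lightdm", 3901, ["203.0.113.10:443"]),
]
SAMPLE_MOUNTINFO = """\
21 1 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:12 - proc proc rw
22 21 0:20 / /proc/sys/fs/binfmt_misc rw,relatime shared:13 - autofs systemd-1 rw
97 21 8:1 /var/tmp/.x /proc/4120 rw,relatime shared:1 - ext4 /dev/sda1 rw
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_PROCS, SAMPLE_MOUNTINFO):
        print(f)
    if os.path.isdir("/proc/self"):
        live = collect_live_procs()
        for f in scan(live, open("/proc/self/mountinfo").read()):
            print("LIVE:", f)
```

The live scan only reads comm, exe and ppid; populating `remote_tcp` from /proc/net/tcp is left out to keep the example short, and the exe check needs root to read other users' /proc/<pid>/exe links.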
Read More: https://thehackernews.com/2025/07/unc2891-breaches-atm-network-via-4g.html