Cybersecurity researchers have uncovered a multi-year ATM fraud campaign by the UNC2891 threat group targeting Indonesian banks, using advanced malware and social engineering tactics. The campaign involved cloned cards, money mule networks, and persistent system infiltration, highlighting the evolving nature of ATM-based cyber threats. #UNC2891 #STEELCORGI #CAKETAP #ATMProtection #BankA #BankB
Keypoints
- UNC2891 conducted multiple ATM attacks against Indonesian banks over several years.
- The threat group used malware like CAKETAP to bypass ATM PIN verification and transaction protocols.
- They recruited money mules through online ads and Telegram channels, shipping cloned cards for cash withdrawals.
- The group employed advanced anti-forensics and persistence techniques to maintain long-term access.
- Researchers warn that ATM threats are evolving and remain a significant cybersecurity concern for financial institutions.
Read More: https://www.infosecurity-magazine.com/news/unc2891-money-mule-network-atm/