Cybersecurity

International Criminal Group Behind ATM Attacks Dismantled

The Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism (DIICOT), assisted by Europol and Eurojust as well as a number of European Law Enforcement authorities, disrupted an international criminal group responsible for ATM malware attacks. This operation, one of the first in Europe against this kind of threat, resulted in multiple house searches in Romania and the Republic of Moldova and the final arrest of eight individuals.

The criminals used Tyupkin ATM malware which allowed the attackers to manipulate ATMs across Europe and illegally empty ATM cash cassettes. Cyber security specialist Kaspersky Labs says that Tyupkin affects ATMs from manufacturers running Microsoft Windows 32-bit.

The criminal group, composed of Romanian and Moldovan nationals, was involved in large scale ATM "Jackpotting", causing substantial losses across Europe to the ATM industry. ATM "Jackpotting" refers to the use of a Trojan horse, physically launched via an executable file in order to target an ATM, thus allowing the attackers to empty the ATM cash cassettes via direct manipulation, using the ATM PIN pad to submit commands to the Trojan.