In search of riches, hackers plant 4G-enabled Raspberry Pi in bank network
9 months ago
- #bank-hacking
- #cybersecurity
- #malware
- Hackers used a Raspberry Pi with a 4G modem to infiltrate a bank's network and target its ATM system.
- The attack bypassed perimeter defenses using a novel Linux bind mount technique to hide malware.
- The goal was to compromise the ATM switching server and manipulate the bank’s hardware security module.
- The group behind the attack, UNC2891, is financially motivated and has targeted banks since at least 2017.
- UNC2891 is known for using custom malware against Linux, Unix, and Oracle Solaris systems.
- In 2022, Mandiant observed UNC2891 operating undetected for years, using malware like CakeTap, SlapStick, and TinyShell.
- Group-IB's report confirms UNC2891 remains active, employing advanced methods to evade detection in bank networks.
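The summary mentions a Linux bind mount technique used to hide malware but does not describe it. The following is an added defender-side check, not code from the article, Group-IB or Mandiant; it assumes (an assumption, not something the summary states) that the hiding works by bind-mounting another directory over a process's `/proc/<pid>` entry so that tools which enumerate `/proc` no longer see the real process. It parses `/proc/self/mountinfo` and flags any mount whose mount point sits on a `/proc/<pid>` directory, something a normal system never has; the sample mountinfo lines are constructed for the demo.

```python
"""Flag mounts overlaid on /proc/<pid> directories.

Added example for the bind-mount hiding technique named in the summary; not
code from the article, Group-IB or Mandiant. Assumption: the technique hides a
process by mounting a directory over its /proc/<pid> entry.
"""
import re

# Constructed /proc/self/mountinfo lines for the demo (not from a real incident).
# Format: id parent maj:min root mount_point opts [optional...] - fstype source superopts
SAMPLE_MOUNTINFO = """\
22 28 0:21 / /proc rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
28 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw
45 28 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs rw,size=1964404k
101 22 8:1 /tmp/.x /proc/4127 rw,relatime shared:1 - ext4 /dev/sda1 rw
102 22 0:21 /1 /proc/4200 rw,nosuid,nodev,noexec,relatime shared:13 - proc proc rw
"""

PROC_PID_RE = re.compile(r"^/proc/(\d+)(?:/|$)")


def _unescape(field: str) -> str:
    """mountinfo encodes space, tab, newline and backslash as octal escapes (\\040)."""
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def parse_mountinfo(text: str) -> list[dict]:
    """Parse mountinfo lines into dicts with the fields the check needs."""
    entries = []
    for line in text.splitlines():
        if not line.strip():
            continue
        left, sep, right = line.partition(" - ")
        if not sep:
            continue  # malformed line: skip rather than crash on odd input
        lf = left.split()
        rf = right.split()
        if len(lf) < 6 or len(rf) < 2:
            continue
        entries.append({
            "mount_id": int(lf[0]),
            "parent_id": int(lf[1]),
            "root": _unescape(lf[3]),         # path inside the source fs that was bound
            "mount_point": _unescape(lf[4]),
            "fstype": rf[0],
            "source": _unescape(rf[1]),
        })
    return entries


def find_proc_overlays(text: str) -> list[dict]:
    """Return mounts whose mount point is a /proc/<pid> directory (or below it).

    Flag regardless of filesystem type: a bind of an ext4 directory and a bind
    of another /proc/<pid> both hide the real process from /proc enumeration.
    """
    hits = []
    for e in parse_mountinfo(text):
        m = PROC_PID_RE.match(e["mount_point"])
        if m:
            hits.append({"pid": int(m.group(1)), **e})
    return hits


def check_live_system() -> list[dict]:
    """Run the same check against the running host (Linux only)."""
    with open("/proc/self/mountinfo", encoding="utf-8") as fh:
        return find_proc_overlays(fh.read())


if __name__ == "__main__":
    for hit in find_proc_overlays(SAMPLE_MOUNTINFO):
        print(f"pid {hit['pid']}: /proc/{hit['pid']} overlaid by "
              f"{hit['fstype']} {hit['source']} (root={hit['root']})")
```

On a live host, call `check_live_system()` from a process in the root mount namespace, since a hidden process's mount may be invisible from inside a container's namespace; any hit should be reconciled against the process list read from a trusted source (for example a kernel-level agent) rather than from `/proc` alone.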