Sign in Subscribe
Cybersecurity

Bank Intrusion Uncovered: Hacking with Raspberry Pi

Bank Intrusion Uncovered: Hacking with Raspberry Pi

In a bold cyber heist, hackers managed to infiltrate the network of a prominent bank using a 4G-enabled Raspberry Pi. The hackers aimed to manipulate the bank's ATM systems, a move that could have potentially led to massive financial theft.

The attackers, identified as the cybercriminal group UNC2891, executed this innovative tactic to bypass the bank's security defenses. They connected the device to the same network switch as the ATM system, cleverly embedding themselves within the bank's internal framework.

UNC2891 employed a rarely used technique, the Linux bind mount, to conceal their malware, likening its function to that of a sophisticated rootkit. This allowed them to operate undetected within the bank's network, particularly focusing on undermining the ATM switching server.

Their end goal? To control the bank's hardware security module, which is crucial for storing sensitive data like credentials and digital signatures, thereby potentially enabling unauthorized cash withdrawals.

Tracing the group's activity back to 2017, they are known for their adept use of custom malware targeting various systems. A previous investigation by Google's Mandiant discovered 'CakeTap', a rootkit designed for manipulating ATM messages. It highlights the group's advanced threat capacity in remaining covert within targeted networks while deploying tools like SlapStick and TinyShell for expansion.

Particularly concerning was UNC2891's ability to remain stealthy while maintaining a backdoor via a compromised mail server. Using the bank's network monitoring server as a conduit, they ensured communication lines remained open, facilitating ongoing attack execution.

Despite these efforts, Group-IB, the security firm countering these activities, identified discrepancies while investigating network anomalies. An outbound signal from the monitoring server triggered an alert, leading to the discovery of the Raspberry Pi device acting in concert with the bank’s compromised servers.

This operation emphasized the sophistication of modern threats and marked the resilience required from financial institutions to defend against such persistent adversaries. As specialists continue to unravel this complex infraction, the importance of robust digital hygiene and rigorous security checks is underscored more than ever.

Read next