Close Menu
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
What's Hot

Europol dismantles SIM farm network running 49 million fake accounts worldwide

Wikipedia says AI search summaries and social videos are causing traffic decline

This top VC bets nearly 20% of its money on teenagers – here’s why

Facebook X (Twitter) Instagram
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
Facebook X (Twitter) Instagram
Fyself News
  • Home
  • Identity
  • Inventions
  • Future
  • Science
  • Startups
  • Spanish
Fyself News
Home » UNC2891 violates ATM network via 4G Raspberry Pi and attempts Caketap rootkit for fraud
Identity

UNC2891 violates ATM network via 4G Raspberry Pi and attempts Caketap rootkit for fraud

userBy userJuly 31, 2025No Comments2 Mins Read
Share Facebook Twitter Pinterest Telegram LinkedIn Tumblr Email Copy Link
Follow Us
Google News Flipboard
Share
Facebook Twitter LinkedIn Pinterest Email Copy Link

July 31, 2025Ravi Lakshmanan

It has been observed that a financially motivated threat actor known as UNC2891 is targeting automatic teller machine (ATM) infrastructure using 4G equipped Raspberry PIs as part of a secret attack.

Cyberphysical attacks involved exploiting physical access to install Raspberry PI devices, connecting directly to the same network switch as the ATM, and effectively placing them within the target bank’s network. Currently, I don’t know how this access was obtained.

“The Raspberry Pi is equipped with a 4G modem, allowing remote access to mobile data,” security researcher Nam Le Phuong said in a report Wednesday.

Cybersecurity

“Using Tinyshell backdoors, the attacker established an outbound command and control (C2) channel through a dynamic DNS domain. This setup allowed continuous external access to the ATM network, completely bypassing perimeter firewalls and traditional network defenses.”

UNC2891 was first documented in March 2022 by Google-owned Mandiant, linking Groups to attacks targeting ATM switching networks, using fraudulent cards to perform fraudulent cash withdrawals at different banks.

At the heart of the operation was called the rootkit of kernel modules, designed to hide network connections, processes, files, and intercept and spoof validation messages from the Hardware Security Module (HSM).

The hacking crew was evaluated to share the tactical overlap with another threat actor UNC1945 (aka Lightbasin).

Describing threat actors as having extensive knowledge of Linux and UNIX-based systems, Group-IB said it analyzed a backdoor named “LightDM” on victims’ network monitoring servers designed to establish active connections to Raspberry PI and internal mail servers.

Cybersecurity

This attack is important for binding mount abuse to hide the presence of backdoors from the process list and avoid detection.

As seen in the past, the ultimate goal of infection is to deploy Caketap rootkit on ATM switching servers to promote unauthorized ATM cash withdrawals. However, the Singaporean company said the campaign was confused before threat actors caused serious damage.

“Even after the Raspberry Pi was discovered and deleted, the attacker maintained internal access through the backdoor on the mail server,” Group-IB said. “Threat actors leveraged the dynamic DNS domain of command and control.”


Source link

#BlockchainIdentity #Cybersecurity #DataProtection #DigitalEthics #DigitalIdentity #Privacy
Follow on Google News Follow on Flipboard
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
Previous ArticleLightning on Earth is triggered by a powerful chain reaction from outer space, simulations show
Next Article 2025 What Gartner® MagicQuadrant™ reveals
user
  • Website

Related Posts

Europol dismantles SIM farm network running 49 million fake accounts worldwide

October 19, 2025

New .NET CAPI backdoor targets Russian car and e-commerce companies via phishing ZIPs

October 18, 2025

Silver Fox spreads Winos 4.0 attack to Japan and Malaysia via HoldingHands RAT

October 18, 2025
Add A Comment
Leave A Reply Cancel Reply

Latest Posts

Europol dismantles SIM farm network running 49 million fake accounts worldwide

Wikipedia says AI search summaries and social videos are causing traffic decline

This top VC bets nearly 20% of its money on teenagers – here’s why

YouTubers are no longer dependent on ad revenue — how some YouTubers are diversifying

Trending Posts

Subscribe to News

Subscribe to our newsletter and never miss our latest news

Please enable JavaScript in your browser to complete this form.
Loading

Welcome to Fyself News, your go-to platform for the latest in tech, startups, inventions, sustainability, and fintech! We are a passionate team of enthusiasts committed to bringing you timely, insightful, and accurate information on the most pressing developments across these industries. Whether you’re an entrepreneur, investor, or just someone curious about the future of technology and innovation, Fyself News has something for you.

Immortality is No Longer Science Fiction: TwinH’s AI Breakthrough Could Change Everything

The AI Revolution: Beyond Superintelligence – TwinH Leads the Charge in Personalized, Secure Digital Identities

Revolutionize Your Workflow: TwinH Automates Tasks Without Your Presence

FySelf’s TwinH Unlocks 6 Vertical Ecosystems: Your Smart Digital Double for Every Aspect of Life

Facebook X (Twitter) Instagram Pinterest YouTube
  • Home
  • About Us
  • Advertise with Us
  • Contact Us
  • DMCA
  • Privacy Policy
  • Terms & Conditions
  • User-Submitted Posts
© 2025 news.fyself. Designed by by fyself.

Type above and press Enter to search. Press Esc to cancel.