
UNC2891 hackers tried to break into an Asian bank’s ATM network using a $35 Raspberry Pi (a small single-board computer).
They plugged the Raspberry Pi into the network switch serving the ATMs (a device that connects computers) and attached a 4G modem so they could reach it remotely over the mobile network, bypassing the bank’s perimeter firewall entirely.
UNC2891 is a hacking group active since 2017. They are skilled in attacking Linux, Unix, and Solaris systems. They often use backdoors such as Tinyshell, which lets them run commands on a compromised computer from anywhere.
Hackers’ Smart Plan
The hackers planned to use the Raspberry Pi as a foothold to reach the bank’s ATM control server.
This server approves cash withdrawal requests, relying on a hardware security module (HSM) to verify PINs and authorize transactions.
They had prepared a hidden program (rootkit) for the control server whose purpose was to intercept the server’s exchanges with the HSM and substitute fake approval responses.
As a result, the ATMs could be made to dispense cash without a valid card or PIN.
Bank Security Team’s Discovery
When the bank’s security team noticed unusual traffic on the network, they scanned it and found an unknown device whose hardware identified itself as “BCM2711”. That is the Broadcom system-on-chip used in the Raspberry Pi 4, so the device was the hackers’ Raspberry Pi.
Data was leaving the bank’s network through the Pi’s 4G modem, a path that never passed the perimeter firewall.
Even after the Pi was removed, the hackers still had a way in: a backdoor on the bank’s mail server.
Hidden Mail Server Backdoor
Hackers had created a hidden backdoor on the mail server.
This backdoor:
✔️ Used the mail server’s direct internet connection
✔️ Let the hackers control it from outside the network
✔️ Stayed hidden from the security team
It took 3–4 days to clean the systems:
- Every server had to be rescanned
- Extra security layers were added
Physical Security Weakness
This attack shows how a weakness in physical security undoes network security.
If switches, cabling and servers are not physically secured, an attacker can plug in a device that sits inside the network, behind every firewall.
Relying only on firewalls and antivirus is therefore risky.
UNC2891’s Past Record
The group tries a new technique roughly every 18 months:
- 2020 – Solaris OS hack: exploited a zero-day bug (a hole no one knew about), like cracking an old locker’s secret code
- 2022 – Slapstick malware attack: keylogging, stealing login details and fooling security, like hiding a keylogger app on your phone
- Last 3 years – failed attacks: targeted 5+ Asian banks, was caught each time but never stopped trying
Dynamic DNS – Hackers’ Secret Weapon
Dynamic DNS hides the location of a hacker’s control server.
If police or the bank block the server’s IP address, the hackers point the same domain name at a new server within minutes.
The domain name stays the same; only the IP address behind it changes.
Why hackers love it:
✔️ Their control server stays reachable
✔️ Hard for police to track to one location
✔️ Cheap: under $2/month
Solution for banks:
- Block resolution of unknown domains and of known dynamic DNS provider domains from the ATM network; only allowlisted destinations should resolve
- Alert if a domain changes IP address multiple times in a day
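As an added example, not code from the article, the following Python script implements the second check: it reads resolver log lines, groups the A-record answers each domain received per calendar day, and reports any domain that resolved to three or more distinct addresses. The log lines and domain names are constructed sample data and the five-field log format is an assumption; real resolver logs (BIND, Unbound, Windows DNS) need their own parser.

```python
"""
Flag domains whose resolved IP address changes several times in one day.

Added example (not from the article). Works over constructed DNS resolver
log lines in an assumed 'timestamp client qname rtype answer' format.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample log lines (assumed format, reserved example addresses/TLDs).
SAMPLE_DNS_LOG = """\
2025-07-21T08:00:01 10.20.1.15 update.wirelessservice.ddns.example A 203.0.113.10
2025-07-21T08:30:11 10.20.1.15 update.wirelessservice.ddns.example A 203.0.113.10
2025-07-21T10:05:43 10.20.1.15 update.wirelessservice.ddns.example A 198.51.100.77
2025-07-21T13:17:09 10.20.1.15 update.wirelessservice.ddns.example A 192.0.2.201
2025-07-21T16:48:30 10.20.1.15 update.wirelessservice.ddns.example A 203.0.113.55
2025-07-21T09:12:00 10.20.1.40 cdn.vendor.example A 203.0.113.200
2025-07-21T15:12:00 10.20.1.40 cdn.vendor.example A 203.0.113.201
"""


def parse_dns_log(text):
    """Parse the assumed log format into (timestamp, client, qname, answer) tuples.

    Only A records are kept; malformed lines are skipped rather than raising.
    """
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[3] != "A":
            continue
        ts, client, qname, _rtype, answer = parts
        records.append((datetime.fromisoformat(ts), client,
                        qname.lower().rstrip("."), answer))
    return records


def find_ip_hopping_domains(records, threshold=3):
    """Return {(day, qname): sorted distinct IPs} for every domain that resolved
    to at least `threshold` different addresses within one calendar day."""
    seen = defaultdict(set)
    for ts, _client, qname, answer in records:
        seen[(ts.date().isoformat(), qname)].add(answer)
    return {key: sorted(ips) for key, ips in seen.items() if len(ips) >= threshold}


if __name__ == "__main__":
    hits = find_ip_hopping_domains(parse_dns_log(SAMPLE_DNS_LOG))
    for (day, qname), ips in hits.items():
        print(f"ALERT {day}: {qname} resolved to {len(ips)} addresses: {', '.join(ips)}")
```

Tune the threshold against a baseline: CDNs and large SaaS providers legitimately rotate addresses, so pair this check with a list of known dynamic DNS provider domains and with how rare the domain is across the bank (a domain queried by a single host on the ATM segment is far more suspicious than one queried bank-wide).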
Top 5 Security Lessons for Banks
- Use both digital and physical security
- Lock server rooms and switch cabinets with biometric access control
- Monitor for unknown devices on every network segment
- Keep the ATM network separate from core banking servers
- Audit devices weekly and monitor for unexpected 4G/LTE signals
Raspberry Pi – Hero or Villain?
For students:
- Great for learning programming
- Useful for automation projects
For hackers:
- Small enough to hide inside an ATM enclosure or switch cabinet
- Runs a full operating system and standard hacking tools
- Very cheap but powerful
Banks should alert on, and block, any device whose MAC address carries a Raspberry Pi manufacturer prefix (OUI) unless it is registered in the asset inventory. Note that “BCM2711” is the name of the Pi’s processor chip, not a MAC prefix, and that a MAC address is easy to spoof: the stronger control is 802.1X port authentication, so that an unauthenticated device plugged into a switch port gets no network access at all.
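As an added example, not code from the article or from any of the reporting on UNC2891, the following Python script covers both “monitor for unknown devices” and the MAC-prefix check above: it walks a switch MAC address table, drops every entry present in the asset inventory, and flags what is left, marking entries whose OUI belongs to Raspberry Pi. The table text and the inventory are constructed sample data; the OUI list holds the IEEE assignments to the Raspberry Pi Foundation and Raspberry Pi Trading (B8:27:EB, DC:A6:32, E4:5F:01), and the Cisco-style table layout is an assumption.

```python
"""
Flag unknown or Raspberry Pi-class devices in a switch MAC address table.

Added example (not from the article or from Group-IB/UNC2891 reporting).
The table below is constructed sample data in an assumed Cisco-style
`show mac address-table` layout; the asset inventory is likewise made up.
"""
import re
from collections import namedtuple

# IEEE OUIs registered to the Raspberry Pi Foundation / Raspberry Pi Trading.
# An attacker can set any MAC on the Pi's interface, so a hit is a lead, not proof.
RASPBERRY_PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01"}

# Hypothetical asset inventory: MAC address -> approved device.
KNOWN_ASSETS = {
    "00:1A:2B:3C:4D:5E": "ATM-01 dispenser controller",
    "00:1A:2B:3C:4D:5F": "ATM-02 dispenser controller",
    "00:50:56:AB:CD:EF": "ATM control server (VM)",
}

# Constructed sample MAC address table (assumed format).
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    001a.2b3c.4d5e    DYNAMIC     Gi1/0/1
  10    001a.2b3c.4d5f    DYNAMIC     Gi1/0/2
  10    0050.56ab.cdef    DYNAMIC     Gi1/0/24
  10    dca6.3211.2233    DYNAMIC     Gi1/0/7
  10    0011.2233.4455    DYNAMIC     Gi1/0/8
"""

Finding = namedtuple("Finding", "mac port vlan reason")

# VLAN, dotted-hex MAC, type, port. Header/separator lines do not match.
_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)


def normalize_mac(dotted_mac):
    """Convert 'dca6.3211.2233' to the colon form 'DC:A6:32:11:22:33'."""
    digits = dotted_mac.replace(".", "").upper()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def audit_mac_table(table_text, known_assets=KNOWN_ASSETS, pi_ouis=RASPBERRY_PI_OUIS):
    """Return a Finding for every MAC not in the inventory, noting Pi OUIs."""
    findings = []
    for line in table_text.splitlines():
        match = _ROW.match(line)
        if not match:
            continue
        vlan, raw_mac, port = match.groups()
        mac = normalize_mac(raw_mac)
        if mac in known_assets:
            continue
        if mac[:8] in pi_ouis:
            reason = "Raspberry Pi OUI, not in asset inventory"
        else:
            reason = "unknown MAC, not in asset inventory"
        findings.append(Finding(mac, port, int(vlan), reason))
    return findings


if __name__ == "__main__":
    for f in audit_mac_table(SAMPLE_MAC_TABLE):
        print(f"{f.mac} on {f.port} (VLAN {f.vlan}): {f.reason}")
```

Because the attacker can spoof the MAC, the script reports every address missing from the inventory, not only Raspberry Pi ones; the OUI match just raises the priority. The finding tells you which switch port to walk to, which is what the bank's team ultimately had to do.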
Future Attack Risks – Everyday Gadgets
Hackers now use ordinary gadgets:
- USB chargers that steal data
- Smart bulbs as a way into the network
- Fake CCTV cameras for spying
- Air-conditioning controllers to overheat and damage servers
Security tips:
- Audit gadgets monthly
- Keep IoT devices on a separate network
- Monitor for unexpected Bluetooth and 4G signals
Police Investigation Update
Interpol raided locations in 4 countries: India, Thailand, Vietnam and Malaysia.
3 suspects were arrested: 1 technician and 2 helpers.
₹52 lakh in cash was seized and 17 Raspberry Pi devices were found.
Evidence included:
- ProtonMail emails between the hackers
- GPS logs from the 4G modems
- Malware code (Tinyshell and Slapstick)
More suspects are being traced, and ₹10 crore in cryptocurrency is being frozen.
Public warning:
If someone offers you money to attach a device to or near an ATM, call the police immediately.
Q1: What is the Raspberry Pi ATM hack by UNC2891?
Ans: UNC2891 hackers used a $35 Raspberry Pi with a 4G modem, plugged into a switch on an Asian bank’s ATM network. The modem gave them a path in and out that bypassed the bank’s firewalls, from which they tried to reach internal systems such as the ATM control server.
Q2: How did UNC2891 hackers connect the Raspberry Pi to the bank network?
Ans: They physically installed the Raspberry Pi on the ATM’s network switch. This enabled remote access via the 4G modem without triggering alarms.
Q3: What is the Tinyshell malware used for?
Ans: Tinyshell is a lightweight backdoor used by the hackers to gain remote control over compromised systems. It lets them run commands, move laterally to other machines, and keep hidden access.
Q4: How can banks prevent Raspberry Pi-based ATM hacks?
Ans: Banks should lock server rooms and switch cabinets, monitor every segment for unknown devices, require 802.1X port authentication so an unregistered device gets no network access, alert on Raspberry Pi manufacturer MAC prefixes (OUIs) that are not in the asset inventory, and keep the ATM network separate from core systems. (“BCM2711” is the Pi’s processor chip, not a MAC prefix.)
Q5: What is Dynamic DNS in cybercrime?
Ans: Dynamic DNS hides a hacker’s server location by allowing quick IP changes while keeping the same domain name, making tracking harder.
Q6: Who is UNC2891?
Ans: UNC2891 is a cybercrime group active since 2017, known for targeting banks using rootkits, malware, and physical device installations.
Q7: What should you do if someone asks you to attach a device near an ATM?
Ans: Refuse and immediately contact the police. Such devices are often used in ATM hacks.