DailyPost 776


The increase in the number, nature and intensity is known the world over. Adding to the long list of cyber crimes is ATM hacking, which has seen a considerable increase in few months. This crosses the barriers of skimming based ATM hacks to a full fledged emptying of the ATMs, sounds like a physical type of a operation. These hacks are being meticulously executed by global cyber criminals wiping out ATMs across countries and continents. One group seems to have an special expertise in it and has been ’emptying’ across Asia & Africa.

This group gained global prominence post it’s now famous hacks of Sony Pictures in 2014, US $81 dollar theft from the Bangladesh Central Bank in 2016 and notorious WannaCry ransomware that hit banks and other organizations in 2017. As per Symantec, the group behind the organization is Lazarus, which is presumed to having serious North Korea links. This group can be called a collective, under different code names and operations. It would be an exaggeration to call the ISIS of the Cyber world. According to Symantec, “Lazarus possesses an in-depth knowledge of banking systems and transcation processing protocols and has the expertise to leverage that knowledge in order to steal large sums from vulnerable banks.”

This group in US is known by the code name Hidden Cobra specialising both in cybercrime & espionage. The operation of emptying ATMs is known as FASTCash, as it’s name suggests. As per the US government alert, in one 2017 incident, cash was withdrawn from ATMs simultaneously in 30 countries. In another 2018, incident cash was taken out from ATMs in 23 countries. Lazarus FASTCash has generated millions of dollars to this cyber crime collective.

Lazarus seems to have been perfecting the modus operandi with every successive hack. Banks network is breached and switch application servers handling ATM transcations compromised. The unsupported versions of AIX operating system is the main culprit. Stolen cards could have been used. There is also a likelihood that attackers would have opened accounts themselves and made requests through the cards issued.


Sanjay Sahay

Leave a Comment

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.

Scroll to Top