Weekend ATM cash-out operation siphons $13.5M from Indian bank
By the time the FBI alerted banks last Friday about a possible imminent attack on ATMs, one was already underway in India.
From 3 to 7 p.m. local time, thieves carried out a total of nearly 15,000 transactions on the systems of Pune-based Cosmos Bank from ATMs all across India and 28 other countries, India's Economic Times reported.
It's not clear at this time whether the attack triggered the FBI warning or vice versa, that is, whether the attackers moved up their plans when they realized that authorities had gotten wind of the scheme.
Regardless, thieves managed to make off with approximately $13.5 million from Cosmos Bank, mostly in individual transactions of $100–$2,500, although one transaction withdrew $11,000.
The scheme began with the breach of a firewall protecting Cosmos Bank servers. The breach allowed hackers to set up their own proxy server to authorize the fraudulent ATM transactions, which were carried out using cloned bankcards striped with Cosmos Bank account holder data.
The bank eventually shut down its servers after being notified of "erratic and abnormally high" ATM transactions.
On Monday, approximately $1.93 million in stolen funds was transferred to a Hong Kong-based entity using the SWIFT financial messaging service.
Cosmos is working with law enforcement agencies in numerous countries in an attempt to retrieve the stolen funds, the report said. Authorities suspect that the attack is the work of "Lazarus," a North Korean hacking group known to have conducted similar cash-out operations in Eastern Europe.