Within a single night, attackers stole 3.8 million slopes (€ 860,000) from 32 ATMs that belong to Romania bank Raiffeisen in the year 2016.

Attackers used an infected RTF document file to leverage the Microsoft Word vulnerability and installed the cobalt malware in bank systems and gained control over the bank network.

The ATM looting operation took place between 9 August 2016 and 4 September 2016. On the night of 3/4 September attackers simultaneously withdraws money from different parts of the country.

Bank confirms the customer accounts are safe and they are not affected by the breach.


Also Read Advanced ATM Penetration Testing Methods

According to report attackers gained control over the ATM remotely and instructed all the 32 ATMs remotely to dispense all the money that it had available and had some people in front of the ATM to sit and collect the money.

The operation that occurs within a single night exceeds any robbery ever committed in Romania, 3.8 million lei, about 860 thousand euros reports bzi.

The extremely well-coordinated criminal organization, wearing sunglasses and hooded anoraks waiting for the command, waited for bags and bags in their hands before the Raiffeisen Iasi, Bucharest, Suceava, Timeshare, Constanta, Plitvice, Saxon and Crevedia automats.
At the hands of their leaders, at least a few buttons, 32 cars released them all the money. If more men had been involved with the criminal organization, they could have virtually eliminated all the automatons of the bank.

One of the members of the network was caught in Iasi named Dmitrii Cvasov and the authorities recovered 80,000 lei Out of 3.8 million lei from him.

All these people who took over the cash issued by ATMs were coordinated – either from the group’s command center or from other members of the group.


Please enter your comment!
Please enter your name here