all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Rootkit Used by UNC2891 for ATM Money Heist

Add to bookmarks
March 18, 2022, 8:39 p.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

FortiGuard Labs is aware of a report that a threat actor known as UNC2891 used a previously unknown rootkit to capture banking card and PIN verification data from compromised ATM switch servers. The captured data was used to perform fraudulent transactions. Dubbed Caketap, the rootkit allows the threat actor to hide network connections, processes, and files, and install several hooks into system functions to receive commands and configurations from the attacker's remote server.Why is this Significant?This is significant because the …

atm heist money rootkit

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

Akira Ransomware Attack 1 day, 1 hour ago | fortiguard.fortinet.com
access advisory akira akira ransomware +16
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 week, 1 day ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 2 weeks, 6 days ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 3 weeks, 6 days ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 4 weeks ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 4 weeks ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month, 1 week ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 month, 4 weeks ago | fortiguard.fortinet.com
access advisory application attackers +28
Microsoft Exchange Server Elevation of Privilege Vulnerability (CVE-2024-21410) 2 months, 1 week ago | fortiguard.fortinet.com
attacks can critical cve +27

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Advisory Red Consultant

@ Security Risk Advisors | Philadelphia, Pennsylvania, United States
View on infosec-jobs.com

Cyber Business Transformation Change Analyst

@ National Grid | Warwick, GB, CV34 6DA
View on infosec-jobs.com

Cyber Security Analyst

@ Ford Motor Company | Mexico City, MEX, Mexico
View on infosec-jobs.com

Associate Administrator, Cyber Security Governance (Fort Myers)

@ Millennium Physician Group | Fort Myers, FL, United States
View on infosec-jobs.com

Embedded GSOC Lead Operator, Events

@ Sibylline Ltd | Seattle, WA, United States
View on infosec-jobs.com
View more jobs