A federal grand jury in Nebraska has indicted 31 individuals for their involvement in a Ploutus malware scheme that resulted in the theft of millions from ATMs throughout the United States. This sophisticated “ATM jackpotting” operation is connected to the Tren de Aragua (TdA) gang, classified as a foreign terrorist organization.
Recent months have seen 87 TdA members charged. Authorities claim the plot financed violent crimes like trafficking and murder.
The indictment comprises 32 charges, encompassing conspiracy to commit bank fraud, bank burglary, computer fraud, and computer damage. If found guilty, the defendants could face a staggering maximum sentence of 335 years in prison. Notably, many of the accused are nationals from Venezuela or Colombia, including members of TdA who unlawfully entered the United States.
How ATM Jackpotting Works:
ATM jackpotting involves tricking machines into dispensing cash without cards or PINs. Criminals use malware, such as Ploutus, to take control of the ATM’s cash dispenser. Ploutus, which emerged in 2013, targets ATMs using Windows XP or older software, sending fake commands to release cash. The criminals first inspected bank ATMs, opening the hood to see whether alarms would trigger; if none did, they deemed it safe to proceed.
Then, they installed Ploutus in three ways:
Removing the ATM’s hard drive and loading malware directly.
Swapping the hard drive with a pre-infected drive.
Plugging in a USB drive to deploy the code remotely.
Ploutus erases logs to cover its tracks, deceiving bank staff. After stealing cash, groups divide the money. Case photos reveal tools like USBs and open ATM panels during the heist.
This follows earlier indictments. A December 2025 case charged 22 people for TdA-related jackpotting and money laundering. An October indictment hit 32 for similar fraud. Total losses are in the millions, affecting banks and credit unions across the country.
TdA began as a Venezuelan prison gang in the 2000s and has expanded to drug trafficking, arms smuggling, sex trafficking, and extortion throughout the Americas, including the US. Jackpotting generates fast cash to support these activities, which officials label as a “revenue stream” for terrorism.
Attorney General Pamela Bondi labeled TdA a “complex terrorist organization.” Deputy AG Todd Blanche vowed to dismantle it via Joint Task Force Vulcan (JTFV).
US Attorney Lesley Woods in Nebraska aims to cut their funds. The FBI’s Eugene Kowel stressed tracking the money.
The investigation includes FBI Omaha, HSI, and many other agencies. The HSTF, created by Executive Order 14159, focuses on cartels and gangs. The JTFV, which started in 2019 to combat MS-13, is now targeting TdA.
Technical Defenses Against Jackpotting:
ATMs remain vulnerable due to outdated software. Many still use Windows XP, unpatched for years. Malware like Ploutus exploits weak physical security: unlocked panels let attackers insert devices.
Banks fight back with:
EMV Chip Cards and Tokenization: Reduces card skimming risks.
Jammed Detection: Sensors block the CDM if it is tampered with.
Remote Monitoring: Real-time alerts for odd cashouts.
Hardened OS: Shift to Linux or secure Windows versions.
Air-Gapped Networks: Isolates ATMs from the internet.
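As an added illustration of the remote-monitoring defense (not code from the indictment, CISA, or any ATM vendor), the sketch below correlates dispense events with card authorizations and flags cash-outs that have no matching authorization, follow a cabinet or USB event, or sit next to a gap in record sequence numbers of the kind log erasure leaves behind. The journal format, event names, and time windows are assumptions, and the records are assumed to be forwarded off the ATM so that local erasure cannot remove them.

```python
from datetime import datetime, timedelta

# Constructed sample journal; the format and event names are assumptions,
# not a real vendor's log format.
SAMPLE_JOURNAL = """\
1001 2025-01-10T02:10:05 CARD_AUTH txn=A1 amount=200
1002 2025-01-10T02:10:20 DISPENSE txn=A1 amount=200
1003 2025-01-10T03:41:00 CABINET_OPEN
1004 2025-01-10T03:44:10 USB_INSERT
1009 2025-01-10T03:52:30 DISPENSE txn=- amount=2000
1010 2025-01-10T03:52:50 DISPENSE txn=- amount=2000
"""

AUTH_WINDOW = timedelta(seconds=120)   # max delay from authorization to dispense
TAMPER_WINDOW = timedelta(minutes=30)  # how long a cabinet/USB event stays relevant

def parse(line):
    seq, ts, event, *kv = line.split()
    fields = dict(item.split("=", 1) for item in kv)
    return int(seq), datetime.fromisoformat(ts), event, fields

def detect(journal):
    alerts, auths = [], {}             # auths: txn id -> (time, amount)
    last_seq = last_tamper = None
    for line in filter(str.strip, journal.splitlines()):
        seq, ts, event, f = parse(line)
        # A jump in sequence numbers means records are missing (possible erasure).
        if last_seq is not None and seq != last_seq + 1:
            alerts.append((seq, "LOG_GAP"))
        last_seq = seq
        if event == "CARD_AUTH":
            auths[f["txn"]] = (ts, int(f["amount"]))
        elif event in ("CABINET_OPEN", "USB_INSERT"):
            last_tamper = ts
        elif event == "DISPENSE":
            # A legitimate dispense matches a recent authorization of the same amount.
            auth = auths.pop(f.get("txn"), None)
            ok = auth and ts - auth[0] <= AUTH_WINDOW and auth[1] == int(f["amount"])
            if not ok:
                alerts.append((seq, "UNAUTHORIZED_DISPENSE"))
                if last_tamper and ts - last_tamper <= TAMPER_WINDOW:
                    alerts.append((seq, "DISPENSE_AFTER_TAMPER"))
    return alerts

if __name__ == "__main__":
    for seq, reason in detect(SAMPLE_JOURNAL):
        print(seq, reason)
```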
CISA recommends updating firmware and using multi-factor access for security. Logical locks, like PIN-protected hoods, can deter intruders, but physical access still poses a risk. The rise of cartels using cyber tools highlights the need for stronger defenses as TdA evolves. The DOJ’s 87 charges indicate a crackdown, but increased ATM attacks are likely unless banks quickly enhance security.
