

Ethical Hacking News

Hacking the Banking System: How LightBasin's Advanced Attack Bypassed Security Measures with a 4G Raspberry Pi



Hackers successfully infiltrated a bank's network by embedding a 4G Raspberry Pi device in an ATM, exploiting vulnerabilities to carry out a sophisticated heist. This incident highlights the evolving nature of cyber attacks and the increasing reliance on modern technologies for nefarious purposes.



  • Hackers from the LightBasin group infiltrated a bank's network using a 4G-equipped Raspberry Pi device embedded in an ATM.
  • The attack showcased the creativity and sophistication of modern cyber attackers.
  • The group had previously made headlines with its Unix kernel rootkit "Caketap" that manipulates Payment Hardware Security Module (HSM) responses to authorize fraudulent transactions.
  • The attackers bypassed security defenses, created an invisible channel into the bank's internal network, and deployed backdoors using the Raspberry Pi device.
  • The attack was foiled before it could materialize, but demonstrated advanced hybrid (physical+remote access) attack techniques.
  • The threat actors used the open-source TinyShell backdoor to establish an outbound command-and-control channel via mobile data.
  • The attackers' use of alternative filesystems obscured metadata from forensics tools and demonstrated their sophistication in evading detection.



    In a shocking revelation, researchers have discovered that hackers from the notorious LightBasin hacking group successfully infiltrated a bank's network by embedding a 4G-equipped Raspberry Pi device in an ATM. The attack, part of a failed heist aimed at spoofing ATM authorization and carrying out fraudulent cash withdrawals, showcases the creativity and sophistication of modern cyber attackers.

    The UNC2891 hacking group, also known as LightBasin, is notorious for its attacks on banking systems, having previously made headlines with its Unix kernel rootkit "Caketap," which manipulates Payment Hardware Security Module (HSM) responses to authorize fraudulent transactions. The group's activities have been monitored by Mandiant, a cybersecurity firm that highlights the evolving nature of threats in the financial sector.

    According to Group-IB, which discovered the intrusion while investigating suspicious activity on the network, LightBasin used the 4G-equipped Raspberry Pi device to bypass security defenses and create an invisible channel into the bank's internal network. The device was physically connected to the ATM network switch, allowing the attackers to move laterally and deploy backdoors.

    The attackers' ultimate goal was to spoof ATM authorization and perform fraudulent withdrawals of cash, but their plan was foiled before it could materialize. However, the incident is a rare example of an advanced hybrid (physical+remote access) attack that employed several anti-forensics techniques to maintain a high degree of stealthiness.

    The group used the open-source TinyShell backdoor to move traffic between networks and route it through specific mobile stations. The Raspberry Pi hosted the backdoor, which established an outbound command-and-control (C2) channel over mobile data.

    In the subsequent phases of the attack, the threat actors moved laterally to the Network Monitoring Server, which had extensive connectivity to the bank's data center. They then pivoted to the Mail Server, which had direct internet access, and enabled persistence even when the Raspberry Pi was discovered and removed.

    The attackers mounted alternative filesystems such as tmpfs and ext4 over the '/proc/[pid]' paths of the malicious processes, which obscured the related metadata from forensics tools. This approach demonstrated the sophistication of LightBasin's tactics, as the group employed various techniques to evade detection and maintain its presence in the network.
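
A defender can check for this technique by looking for any filesystem mounted on a '/proc/[pid]' directory, which does not happen in normal operation. The following is an added example, not code from the article or from Group-IB; the mount table and PIDs in it are constructed sample data.

```python
import re

# Constructed sample in /proc/mounts format:
# source, mount point, filesystem type, options, dump, pass.
SAMPLE_MOUNTS = """\
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /proc/8239 tmpfs rw,nosuid,nodev 0 0
/dev/sda1 /proc/8953 ext4 rw,relatime 0 0
binfmt_misc /proc/sys/fs/binfmt_misc binfmt_misc rw,relatime 0 0
"""

# Matches /proc/<digits> itself or anything beneath it, but not /proc/sys and friends.
PID_DIR = re.compile(r"^/proc/(\d+)(?:/|$)")


def unescape(field):
    # The kernel writes space, tab, newline and backslash in these fields as 3-digit octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def find_proc_pid_overmounts(mounts_text):
    """Return (pid, fstype, source) for every filesystem mounted on or under /proc/<pid>."""
    hits = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue  # skip blank or malformed lines
        source, target, fstype = unescape(parts[0]), unescape(parts[1]), parts[2]
        match = PID_DIR.match(target)
        if match:
            hits.append((int(match.group(1)), fstype, source))
    return hits


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/mounts").read() instead of the sample.
    for pid, fstype, source in find_proc_pid_overmounts(SAMPLE_MOUNTS):
        print(f"PID {pid}: /proc/{pid} is covered by {fstype} ({source})")
```

A hit means the process entry is hidden from tools that read '/proc/[pid]', so the PID should be examined by other means, such as a memory image.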

    The Network Monitoring Server inside the bank network was found beaconing every 600 seconds to the Raspberry Pi on port 929, indicating that the device served as a pivot host. The researchers concluded that the attackers' plan was foiled when their ultimate goal of deploying the Caketap rootkit could not be realized.
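
The fixed 600-second interval is what makes this kind of traffic detectable in flow logs. The following is an added example, not code from the article or from Group-IB, that flags host pairs whose connection intervals are near-constant; the IP addresses, timestamps and thresholds are constructed, and only port 929 and the 600-second period come from the text above.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow records: (epoch_seconds, src_ip, dst_ip, dst_port).
# 10.0.5.20 stands in for the monitoring server, 10.0.9.77 for the rogue device.
FLOWS = [(1000 + 600 * i + j, "10.0.5.20", "10.0.9.77", 929)
         for i, j in enumerate([0, 2, -1, 1, 0, 3, -2, 1])]
# Irregular HTTPS traffic and a sparse SSH pair, as background noise.
FLOWS += [(t, "10.0.5.20", "10.0.1.10", 443)
          for t in (1010, 1055, 1900, 2100, 3950, 4000, 4800)]
FLOWS += [(1200, "10.0.5.31", "10.0.9.77", 22), (4000, "10.0.5.31", "10.0.9.77", 22)]


def find_beacons(flows, min_events=6, max_jitter_ratio=0.05):
    """Flag (src, dst, port) tuples whose connection intervals are near-constant.

    Returns {key: (mean_interval_seconds, jitter_ratio)}, where jitter_ratio is the
    population standard deviation of the intervals divided by their mean.
    """
    times = defaultdict(list)
    for ts, src, dst, port in flows:
        times[(src, dst, port)].append(ts)
    beacons = {}
    for key, stamps in times.items():
        if len(stamps) < min_events:
            continue  # too few samples to call anything periodic
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # all events share one timestamp
        ratio = pstdev(gaps) / avg
        if ratio <= max_jitter_ratio:
            beacons[key] = (round(avg), round(ratio, 4))
    return beacons


if __name__ == "__main__":
    for (src, dst, port), (period, ratio) in find_beacons(FLOWS).items():
        print(f"{src} -> {dst}:{port} every ~{period}s (jitter ratio {ratio})")
```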

    In conclusion, this incident highlights the increasing reliance on modern technologies for nefarious purposes and the evolving nature of cyber attacks. The LightBasin group's sophisticated approach to hacking banking systems underscores the need for banks and financial institutions to stay vigilant and adopt advanced security measures to protect themselves against such threats.

    As cybersecurity threats continue to evolve, it is essential for organizations to stay informed about emerging trends and tactics employed by hackers. By staying proactive and adopting robust security protocols, businesses can minimize the risk of falling victim to sophisticated attacks like the one carried out by LightBasin using a 4G Raspberry Pi device.

    Furthermore, this incident serves as a reminder of the importance of robust network security measures and of continuous monitoring to detect and respond to emerging threats. As modern technologies continue to advance at an unprecedented rate, it is crucial that cybersecurity professionals stay ahead of the curve by keeping informed about the latest hacking techniques and tactics.

    By understanding the intricacies of advanced cyber attacks like the one carried out by LightBasin, organizations can take steps to fortify their defenses and protect themselves against similar threats in the future. As the landscape of cyber attacks continues to shift and evolve, it is essential for businesses to adopt a proactive approach to security, staying informed about emerging trends and tactics employed by hackers.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/Hacking-the-Banking-System-How-LightBasins-Advanced-Attack-Bypassed-Security-Measures-with-a-4G-Raspberry-Pi-ehn.shtml

  • https://www.bleepingcomputer.com/news/security/hackers-plant-4g-raspberry-pi-on-bank-network-in-failed-atm-heist/


  • Published: Wed Jul 30 13:11:24 2025 by llama3.2 3B Q4_K_M












