UNC2891 'Pi Heist': Raspberry Pi-Driven ATM Network Intrusion

Threat actor UNC2891 executed "Pi Heist" attacks by gaining physical access to bank ATM internals to deploy Raspberry Pi devices equipped with 4G LTE modems. By establishing a Layer 2 bridge between the internal ATM VLAN and an external Command-and-Control (C2) server, the attackers bypassed perimeter firewalls and Network Access Control (NAC). This persistent hardware backdoor allowed the adversary to pivot through the trusted network segment and issue unauthorized "dispense" commands directly to ATM cash dispensers, resulting in direct financial theft via jackpotting.

