Bangladesh police arrested six Ukrainian nationals on June 2. According to investigators, the seven suspects landed in Dhaka together on May 30 and stole money from an ATM booth the very next day. On June 1, they stole money from the other booths. During the series of thefts, one of the hackers was detained while trying to steal money from the bank's ATM. In that attempt, two of the foreigners went to the booth wearing masks and caps. The security guard became suspicious and called locals for help, who were able to catch one of them and hand him over to police. Police say that after the theft, the gang was supposed to go to India on June 6. They said the criminals had links to the "Lazarus Group", or the Korean group "Hidden Cobra".
An IT expert said that in this method of attack, a card was inserted into the ATM and the machine's connection with the bank's server was severed, after which the suspects simply took the money out. The method also left no record of the transaction on the bank's server. It has been seen in other countries, where criminals used Tyupkin, a strain of malware, to empty ATMs. For it to work, one needed to gain physical access to an ATM and infect it with the Tyupkin malware. Once the machine was infected, the malware disabled all network connections, so even if administrators detected suspicious activity, they could not interrupt it. Tyupkin malware was first discovered in 2014.
Source:
https://www.thedailystar.net/frontpa...d-gang-1755148