An eastern European gang is responsible for stealing 12 million baht from Central Bank of Thailand by installing malware in their ATMs.
More than half the ATMs under the Central Bank of Thailand have been shut down when it found that more than 12 million baht have been stolen due to a malware being installed in the ATMs. A European gang is believed to be behind this theft.
According to the Bangkok Post’s report, president of Government Savings Bank (GSB) told them that one of the three brands used by the bank was found to be infected with the malware. That brand is NCR. The bank made the same statement in a press release, saying that ATM’s from NCR were infected with this malware.
Initial probing had revealed that around 960,000 baht had gone missing from NCR ATMs all over Thailand. The state-run bank had then decided to shut down all the NCR ATMs, which amounts to 47% or 3,300 of the nation’s total ATMs. On further investigation, it was revealed that a total of 12 million baht was missing from 21 missions all across Thailand. Thai police said that some machines were even spilling out 1 million baht at a time.
The malware that is responsible for this affects stand-alone machines. President of GSB Chartchai Payuhanaveechai said in a press conference that it wasn’t customers’ accounts or bank balances that were being emptied by this malware. He said that the machines themselves were tampered with, with many of them spilling out up to 40,000 baht per transaction.
This attack is quite similar to the attack in Taiwan last month, where a European gang was responsible for stealing up to $2 million. The hackers had not stolen customers’ cards or PINs in that attack but rigged the teller machines so as to get them to churn out money. The Taiwanese government was initially looking for two Russian nationals who wore masks to hide their identity when they used the ATMs and took money.
The malware they used made it possible for them to get the ATMs to dispense money without going through the usual transaction. 3 pieces of malware were discovered in the attack and the Taiwanese government had apprehended a Latvian and two Romanians. The government, though, believes that they failed to capture another 13 suspects, which included the two Russians.
The bank and NCR are now working together to solve this issue. Infected hard drives have been sent to the ATM supplier so that they can test it. GSB, though, expects compensation from the supplier. There are some differences between the Taiwan heist and this Thai bank attack, but authorities believe that the same group is responsible for both and are actively looking for the suspects.