Cybercrooks Attached Raspberry Pi to Bank Network and Drained ATM Cash – Here's How It Happened and How to Prevent It



August 2025 | Cybersecurity Report

In a shocking revelation that underscores the evolving tactics of cybercriminals, a group of hackers recently managed to steal large sums of cash from multiple ATMs by physically connecting a Raspberry Pi — a tiny, inexpensive computer — to a bank’s internal network. This low-cost yet powerful device served as a gateway for launching digital attacks that manipulated ATM functions remotely.

The Heist: Small Device, Massive Impact

According to forensic investigators, the cybercriminals gained unauthorized access to a regional branch of an international bank by posing as maintenance staff. Once inside, they discreetly plugged a modified Raspberry Pi into a network switch located in a rarely monitored area of the bank’s IT infrastructure.

The Raspberry Pi was preloaded with malicious scripts and remote access tools, allowing the attackers to:

  1. Scan the internal network for vulnerable systems.

  2. Identify and target ATM controllers connected to the same LAN.

  3. Inject ATM malware that sent commands to the machines to dispense cash ("jackpotting").

  4. Exfiltrate ATM logs and PIN verification data to external command-and-control (C2) servers.

The attack went undetected for several hours, during which multiple ATMs began dispensing unauthorized amounts of cash to money mules stationed nearby.

Why Raspberry Pi?

Raspberry Pi devices are favored by cybercriminals due to:

  • Small size – Easily concealable.

  • Low cost – Affordable to deploy in large numbers.

  • High functionality – Capable of running full Linux distributions, hacking tools (like Nmap, Metasploit), and remote access software.

  • Network compatibility – Easily connects via Ethernet or Wi-Fi.

In this case, the attackers used the device not just as a penetration tool, but also as a remote access backdoor. Even after the initial physical intrusion was over, some Raspberry Pi units remained hidden within the bank’s infrastructure, maintaining a persistent foothold.


How to Prevent This Type of Attack

While this incident is alarming, it also highlights critical lessons in cybersecurity, especially for financial institutions. Here are key measures to prevent such intrusions:

1. Strengthen Physical Security

  • Restrict physical access to server rooms, network closets, and switch cabinets.

  • Implement biometric authentication or RFID access control for sensitive areas.

  • Require real-time visitor logging and supervision of maintenance staff.

2. Monitor for Rogue Devices

  • Use Network Access Control (NAC) systems to detect and block unauthorized devices as soon as they connect.

  • Deploy intrusion detection systems (IDS) to monitor unusual network behavior.

  • Conduct regular network scans to identify unknown MAC/IP addresses.

3. Segment the Network

  • Use VLANs and firewall rules to isolate ATM systems from the broader internal network.

  • Ensure that ATM controllers only communicate with designated servers, not open LAN segments.
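The rogue-device scan from section 2 and the segmentation check from section 3 can be combined in one routine. The following is an added example (not code from the original article or from any vendor): it parses `ip neigh show` output from a branch router, compares every observed MAC against an asset inventory, flags unknown devices (noting the publicly registered Raspberry Pi OUIs, which you should confirm against the current IEEE registry), and flags approved assets that appear on a segment other than the one they are expected on. The inventory, interface names and neighbour lines are constructed sample data.

```python
import re
from typing import NamedTuple

class Finding(NamedTuple):
    ip: str
    mac: str
    iface: str
    reason: str

# Constructed asset inventory: approved MAC -> (asset name, expected interface/VLAN).
INVENTORY = {
    "00:1a:2b:3c:4d:01": ("atm-controller-01", "vlan30"),
    "00:1a:2b:3c:4d:02": ("atm-controller-02", "vlan30"),
    "3c:ec:ef:10:20:30": ("branch-printer", "vlan10"),
}
# Publicly registered OUIs (first three octets) assigned to the Raspberry Pi
# Foundation / Raspberry Pi Trading; verify against the current IEEE registry.
RPI_OUIS = {"b8:27:eb", "dc:a6:32", "e4:5f:01"}

# One line of `ip neigh show`, e.g. "10.20.30.14 dev vlan30 lladdr b8:27:eb:12:34:56 REACHABLE".
# FAILED/INCOMPLETE entries carry no lladdr and therefore do not match.
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr (\S+)")

# Constructed sample output from the branch router.
SAMPLE_NEIGH = """\
10.20.30.11 dev vlan30 lladdr 00:1a:2b:3c:4d:01 REACHABLE
10.20.30.12 dev vlan30 lladdr 00:1A:2B:3C:4D:02 STALE
10.20.30.14 dev vlan30 lladdr b8:27:eb:12:34:56 REACHABLE
10.20.10.7 dev vlan10 lladdr 3c:ec:ef:10:20:30 REACHABLE
10.20.10.9 dev vlan10 lladdr 00:1a:2b:3c:4d:01 DELAY
10.20.10.20 dev vlan10 FAILED
"""

def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC written with ':', '-' or Cisco-style '.' separators."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_rogue_devices(neigh_output: str, inventory=INVENTORY) -> list:
    """Return findings for unknown MACs and for known MACs seen on the wrong segment."""
    findings = []
    for line in neigh_output.strip().splitlines():
        m = NEIGH_RE.match(line.strip())
        if not m:
            continue
        ip, iface, raw_mac = m.groups()
        mac = normalize_mac(raw_mac)
        if mac not in inventory:
            reason = "unknown device, not in inventory"
            if mac[:8] in RPI_OUIS:
                reason += " (Raspberry Pi OUI)"
            findings.append(Finding(ip, mac, iface, reason))
        elif inventory[mac][1] != iface:
            asset, expected = inventory[mac]
            findings.append(Finding(ip, mac, iface, f"{asset} expected on {expected}, seen on {iface}: possible MAC spoofing or segmentation failure"))
    return findings

if __name__ == "__main__":
    for f in find_rogue_devices(SAMPLE_NEIGH):
        print(f"ALERT {f.ip} {f.mac} on {f.iface}: {f.reason}")
```

Feeding the live ARP/neighbour table into this check on a schedule (or wiring it to NAC and SIEM alerts) gives the "unknown MAC/IP" detection the article calls for, and the segment mismatch case catches an approved ATM controller address turning up on a segment where segmentation should have prevented it.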

4. Implement Endpoint Protection on ATMs

  • Install whitelisting software to restrict what can run on ATM operating systems.

  • Regularly patch ATM firmware and operating systems, and keep their security configurations current.

  • Monitor for signs of jackpotting malware, such as unauthorized cash dispensing commands.

5. Educate Staff and Conduct Drills

  • Train employees to spot suspicious activity, especially during maintenance visits.

  • Run red team exercises to simulate intrusions and test response readiness.

6. Enforce Strong Logging and Alerting

  • Ensure centralized logging for all network activity.

  • Use SIEM (Security Information and Event Management) systems to correlate logs and trigger alerts for abnormal events.

  • Audit logs frequently to detect historical breaches or persistent threats.

Conclusion

This Raspberry Pi-based attack is a wake-up call for the global banking sector. As cybercriminals become more creative and resourceful, traditional security measures are no longer enough. Organizations must combine physical security, network intelligence, employee vigilance, and strong cybersecurity infrastructure to protect against both digital and physical threat vectors.

While the Raspberry Pi may seem harmless in the hands of hobbyists or students, it’s clear that in the wrong hands, even the smallest device can become a powerful weapon.
