UNC2891 Unmasked: The ATM Fraud Saga That Left Indonesian Banks Reeling

The UNC2891 ATM fraud campaign has given “money laundering” a whole new twist. With Raspberry Pi infiltration and a touch of TeamViewer coordination, this group turned ATMs into their personal piggy banks. Their secret weapon? A CAKETAP rootkit, proving that even cybercriminals appreciate a good dessert metaphor while bypassing PINs.

Hot Take:

Well, if you thought the only thing you had to worry about at an ATM was the grumpy person behind you wondering why it’s taking so long, think again! UNC2891 has turned ATM transactions into a high-stakes game of cat and mouse. Who knew Raspberry Pi would be the key ingredient in the recipe for robbing banks? It seems like these cybercriminals are more persistent than that one friend who still insists on texting “LOL” after every single message.

Key Points:

  • UNC2891 orchestrated a multi-year ATM fraud campaign against two Indonesian banks.
  • The group planted Raspberry Pi devices inside the banks' networks and deployed custom malware, notably the CAKETAP rootkit, to tamper with ATM transaction authorization and PIN verification.
  • Money mules were recruited using Google ads and Telegram channels to facilitate cash withdrawals.
  • Persistence relied on custom backdoors and tooling such as TINYSHELL, SLAPSTICK, and SUN4ME.
  • Anti-forensics relied on log-wiping tools such as LOGBLEACH and MIGLOGCLEANER to cover their tracks.
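A rogue device sitting on an ATM segment is exactly the kind of thing a bank's network team can catch cheaply. The script below is an added example written for this page (it is not code from any vendor report on UNC2891): it audits an ARP-style snapshot of a switch, flags any MAC whose OUI is registered to Raspberry Pi Trading, and flags any MAC missing from the asset inventory. The OUI list, the asset inventory, and the ARP snapshot are all illustrative assumptions; refresh the OUI prefixes from the IEEE registry and export the inventory from your CMDB before relying on it.

```python
"""Audit an ATM-segment ARP/MAC table for Raspberry Pi hardware and unknown devices.

Added example, not from the page or from any vendor report on UNC2891.
Assumes you can dump an ARP cache, MAC table or DHCP lease list from the
switch serving the ATM segment. The sample below is constructed data.
"""
from dataclasses import dataclass

# OUI prefixes registered to Raspberry Pi Trading Ltd in the IEEE registry.
# Illustrative subset; regenerate from the IEEE OUI list in production.
RASPBERRY_PI_OUIS = {"B8:27:EB", "DC:A6:32", "E4:5F:01", "D8:3A:DD", "28:CD:C1"}

# Hypothetical asset inventory for one branch: MAC -> description.
KNOWN_ASSETS = {
    "00:1A:2B:3C:4D:5E": "ATM-001 (branch 12)",
    "00:1A:2B:3C:4D:5F": "ATM-002 (branch 12)",
    "00:50:56:AB:CD:EF": "ATM switch management host",
}

# Constructed ARP-table snapshot: IP, MAC, switch interface.
SAMPLE_ARP = """\
10.20.1.11 00:1a:2b:3c:4d:5e Gi1/0/3
10.20.1.12 00:1a:2b:3c:4d:5f Gi1/0/4
10.20.1.13 dc:a6:32:11:22:33 Gi1/0/5
10.20.1.2  00:50:56:ab:cd:ef Gi1/0/1
10.20.1.40 00:0c:29:99:88:77 Gi1/0/9
"""


@dataclass
class Finding:
    ip: str
    mac: str
    iface: str
    reason: str


def normalize_mac(mac: str) -> str:
    """Upper-case, colon-separated form so OUI and inventory lookups match."""
    return mac.strip().upper().replace("-", ":")


def oui(mac: str) -> str:
    """First three octets of a normalized MAC (the vendor prefix)."""
    return normalize_mac(mac)[:8]


def parse_arp(text: str) -> list[tuple[str, str, str]]:
    """Parse 'ip mac iface' rows; skips blank or malformed lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        rows.append((parts[0], normalize_mac(parts[1]), parts[2]))
    return rows


def audit(arp_text: str, known=KNOWN_ASSETS, pi_ouis=RASPBERRY_PI_OUIS) -> list[Finding]:
    """Return findings for Pi-branded MACs and for MACs absent from the inventory.

    A Pi OUI is reported even if someone added it to the inventory, because
    single-board computers have no business on an ATM segment. MACs can be
    spoofed, so the inventory check is the one that catches a disguised device.
    """
    findings = []
    for ip, mac, iface in parse_arp(arp_text):
        if oui(mac) in pi_ouis:
            findings.append(Finding(ip, mac, iface, "Raspberry Pi OUI on ATM segment"))
        elif mac not in known:
            findings.append(Finding(ip, mac, iface, "MAC not in asset inventory"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_ARP):
        print(f"{f.ip:<12} {f.mac} {f.iface:<8} {f.reason}")
```

Two caveats a practitioner would add: an attacker can clone a legitimate ATM's MAC, so this check should back 802.1X or switch port security rather than replace it, and the right response to a hit is to pull the switch port and image the device, not to ping it.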

The Nimble Nerd