Bank hit by network compromise
Incident
Summary
Bank A suffered a compromise in February 2022 that gave UNC2891 persistent access to more than 30 systems, making the intrusion materially larger than a single-host breach. The foothold mattered because it supported continued control inside the bank environment and increased the risk of follow-on fraud activity. The event was one segment of a wider ATM-fraud operation, but the incident itself was a concrete victim-focused compromise.
Related Happenings
UK Authorized Push Payment fraud losses tied to dropper accounts in 2022
Target Trend
First: 25.03.2026 18:05
Last: 25.03.2026 18:05
Sources 1
About this happening:
UK **Authorized Push Payment fraud** losses reached **£485.2m ($649m)** in **2022**, and **dropper accounts** were identified as a major contributor, signaling a persistent fraud...
Peru loan phishing campaign impersonating financial institutions across Latin America
Campaign
First: 21.01.2026 17:00
Last: 21.01.2026 17:00
Sources 1
About this happening:
A **Peru-focused loan phishing campaign** has expanded across **Latin America**, putting users' **card numbers**, **PIN codes**, and **banking credentials** at risk. The operation...
UNC2891 multi-year ATM fraud campaign against Indonesian banks
Campaign
First: 20.11.2025 18:00
Last: 20.11.2025 18:00
Sources 1
How related:
Cybersecurity researchers have uncovered the full scope of a multi-year UNC2891 ATM fraud campaign against two Indonesian banks.
About this happening:
UNC2891’s **multi-year ATM fraud campaign** against **two Indonesian banks** has been fully exposed, showing a coordinated cash-out operation that used **money mules**, **cloned c...
Timeline
- 20.11.2025 18:00 2 articles · 6mo ago
UNC2891 compromise of Bank A disclosed
Initial Disclosure
Group-IB disclosed that UNC2891 ran a multi-year ATM fraud campaign against two Indonesian banks, including a February 2022 compromise at Bank A that affected over 30 systems and left the threat group with a persistent presence inside the bank environment. The same report linked additional activity to Bank B in November 2023 and Bank A again in July 2024 through shared STEELCORGI packing and cryptographic keys.
- UNC2891 Money Mule Network Reveals Full Scope of ATM Fraud Operation — www.infosecurity-magazine.com — 20.11.2025 18:00