ngCERT warns banks after UBA Senegal loses $2 million in ATM cash-out attack
By Aboki Forex —
The Nigeria Computer Emergency Response Team (ngCERT) has issued a fresh cybersecurity alert to financial institutions. The warning follows a coordinated ATM cash-out attack on UBA Senegal that led to fraudulent withdrawals of over $2 million.
According to the advisory, cybercriminals carried out 3,421 ATM transactions to drain the funds. ngCERT said the attackers were Senegalese nationals linked to an international criminal network.
Investigators believe the criminals gained privileged access to card authorization infrastructure. This allowed them to manipulate transaction controls and carry out large-scale withdrawals without detection.
How the attack worked
ngCERT explained that threat actors often infiltrate banking networks through phishing campaigns, supply chain weaknesses, or insider access. Once inside, they deploy malware such as Ploutus variants and other jackpotting tools.
“A similar attack on United Bank for Africa (UBA) Senegal resulted in the fraudulent withdrawal of more than USD 2 million through 3,421 ATM transactions,” the agency stated.
The attackers then conduct internal reconnaissance to map critical systems for ATM transaction processing, card management, and authorization services. They escalate privileges and manipulate key controls including withdrawal limits, transaction velocity, fraud monitoring thresholds, and card parameters.
They also create, activate, or alter payment card records to enable the attack.
Coordinated cash-out operation
These changes allow multiple operatives to conduct high-volume ATM withdrawals simultaneously across different locations. This helps criminals maximize withdrawals before detection and quickly convert digital funds into physical cash.
ngCERT warned that successful ATM cash-out attacks can lead to severe financial and operational consequences. Risks include massive financial losses from rapid depletion of ATM cash reserves and compromise of core banking systems.