Hackers who once made off with millions of dollars from individual bank accounts are now finding ways to target financial institutions, in some cases triggering multiple ATMs to spit out cash as gang members stand ready to collect the spoils.
Cybercriminals programmed ATMs in Taiwan and Thailand to release millions of dollars in cash earlier this year, and the FBI has since warned that similar potential attacks could happen in the U.S., The Wall Street Journal reported on Sunday.
The FBI said in a bulletin earlier this month that it was “monitoring emerging reports indicating that well-resourced and organized malicious cyber actors have intentions to target the U.S. financial sector.”
The threat could be linked to malicious software used by a Russian gang known as Buhtrap, the Journal reports. The group reportedly tried out the hacking techniques on Russian banks before taking it to financial institutions in other countries.
Security experts say ATMs in the U.S. tend to be newer and better protected than many overseas, though about one quarter of financial institutions attacked by another Russian malware, Odinaff, were located in the U.S. Other banks in Europe and elsewhere in Asia could also become potential targets, according to the Journal.
For more on cybercrime, watch Fortune’s video:
The first such attack on an ATM system was reported in the Taiwanese capital Taipei in July, after loose cash was spotted strewn about in front of an ATM at the First Commercial Bank and elsewhere. Police said the machines were “abnormally spitting out bills.”
The criminals reportedly made off with some $2.6 million in cash, collected by 22 people at various locations without so much as an ATM card, the Journal reports. Three suspects were apprehended and most of the money was recovered. Taipei police have said cyberattacks may have led to a total of about $300 million in losses.
Investigators believe the hackers broke into computers at the bank’s headquarters by sending “phishing” emails, and once inside, infected them with malware that enabled them to order the German-built ATMs to dispense cash without a card transaction.
A similar attack was reported at the Government Savings Bank in Thailand the following month, though direct links between the two cases have not been confirmed.
