Cyber criminals have hacked cash machines in 28 countries to loot more than £10 million ($19.2m) from an Indian bank.

Hackers infected the bank's credit card payment system with malware, which allowed them to approve transactions and access client accounts.

Fake credit cards were then used to force ATMs around the world to dispense cash worth about £10m until they were empty.

The attack on Cosmos Bank, based in the Indian city of Pune, was predicted by the US Federal Bureau of Investigation (FBI) last week.


The FBI issued a warning to global banks that there would be a cyber attack of ATMs within days.

UK-based banks with large international operations, such as HSBC and Barclays, were among those made aware of the threat.

The FBI said it had intelligence that criminals were going to hack into a banking system using a highly choreographed fraud scheme known as ATM "jackpotting", in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to take out millions in just a few minutes.

Cyber experts have suggested that the attack may have been led by hackers from the so-called Lazarus organisation, a gang of cyber criminals that has been linked to other scams.

However, the group has not confirmed its involvement.

Zeki Turedi, technology strategist at Crowdstrike, said the apparent complexity and scale of the heist suggested it was probably carried out by sophisticated actors with access to significant resources.

This could potentially include groups with a level of state support. Some banks use older operating systems that leave them more vulnerable to hackers, Lu Zurawski, consumer payments practice lead at payments system company ACI Worldwide, said.

"Bank systems may indeed be able to monitor irregularities and react by shutting down ATMs and involving law enforcement agencies at known trouble spots," he said.


"But gangs are pretty savvy and nippy - their 'cash mules' could remove tens of thousands of pounds before any police turn up."

The bank said that its payments system was bypassed in the attack. Cosmos Bank said: "During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system."

ATM jackpotting is increasingly common. In one incident in Thailand in 2016, thieves made off in minutes with £280,000 from cash machines by targeting ATMs run by Government Savings Bank, a state-owned Thai bank based in Bangkok.

This story was first published in the Daily Telegraph and reproduced with their permission
Sign up to the NZ Herald Business page on Facebook for latest news, commentary, data and analysis