US$2m theft from Taiwan ATMs linked to European hacking spree: security firm

The group that orchestrated the theft of more than US$2 million from cash machines at Taiwan’s First Commercial Bank in July was also behind an ATM hacking spree in more than a dozen European nations last year, according to cyber security firm Group-IB.

The methods that the so-called Cobalt group used in Europe matched those used in Taiwan, Group-IB said in its latest client report.

Three Eastern European men were arrested in Taiwan in July on suspicion of collecting cash stolen from ATMs owned by First Commercial Bank, a unit of First Financial Holding.

Lawyers for the three defendants in an ongoing trial in Taipei told Reuters that their clients were not familiar with Cobalt.

The men, identified in court documents as Peregudovs Andrejs, of Latvia, Colibaba Mihail, of Romania, and Pencov Nicolae,of Moldova, were among a total of 22 individuals, all foreign nationals, that Taiwanese authorities suspect of taking part in the theft, where most of the money was subsequently recovered.

The suspects used malware dubbed “ATM spitter” in the First Commercial Bank attacks, as well as similar hacks in countries including Armenia, Belarus, Britain, Bulgaria, Estonia, Georgia, Kyrgyzstan, Moldova, the Netherlands, Poland, Romania, Russia and Spain, Group-IB said in a report to its customers that Reuters reviewed on Thursday.