Cyber Incident Victim: Bank of Islam
Date: Oct 2014
Location: Malaysia
Summary
A Latin American criminal group stole approximately $1.2 million by hacking 17 ATMs across multiple Malaysian banks, including Bank of Islam. The attackers physically accessed the machines without keys and inserted malware-laden discs ("ulssm.exe") to force system reboots, enabling unauthorized cash withdrawals; CCTV captured 2-3 perpetrators. Police recovered one compromised ATM card and confirmed that customer data remained secure due to the system reset, though investigations indicate the suspects may still be in the country. The incident impacted ATMs operated by four financial institutions, and law enforcement is actively pursuing the case.
Description
In October 2014, a Latin American criminal group executed a coordinated attack on 17 automated teller machines (ATMs) across multiple Malaysian banks, including United Overseas Bank, Affin Bank, Al Rajhi Bank, and Bank of Islam. The attackers physically compromised the ATMs by opening the top panel without keys and inserting a compact disc containing the "ulssm.exe" malware into the machines' processing centers. This action forced the ATMs to reboot to default settings, enabling unauthorized cash withdrawals totaling approximately $1.2 million. Closed-circuit television footage captured 2-3 Latin American males conducting sequential withdrawals from the compromised machines. Malaysian police, including Bukit Aman Commercial Crime Investigation Department chief Comm Datuk Mortadza Nazarene, confirmed the malware's role in bypassing security protocols. Investigators recovered one ATM card used in the thefts but noted no customer data was exposed due to the system reset.

Authorities initiated a multi-jurisdictional investigation led by the Selangor Commercial Crime Investigation Department, with forensic teams examining the breached ATMs and transaction logs. Police confirmed the suspects remained in Malaysia at the time of reporting and were pursuing leads based on CCTV evidence and the recovered card. The incident exclusively impacted ATM hardware through physical access, with no reported network intrusion or digital compromise beyond the localized malware deployment. Financial losses were confined to cash reserves within the targeted machines, with no secondary fraud or data misuse detected. Law enforcement continued analyzing the malware's functionality while monitoring financial networks for related activity.
