Cyber Incident Victim: Al Rajhi Bank
Date: Oct 2014
Location: Malaysia
Summary
In October 2014 a Latin American criminal group compromised ATMs at several Malaysian banks, including Al Rajhi Bank, using malware identified as "ulssm.exe". The attackers opened each machine's top panel, inserted a compact disc into the ATM's internal computer and forced a reboot to load the malware. They then took approximately $1.2 million from 17 ATMs through sequential cash withdrawals; CCTV footage captured two to three suspects during the operations. Police recovered one ATM card used in the thefts and stated that no customer data was breached because the machines reset to default settings. At the time of reporting, investigators assessed that the perpetrators were still in the country.
Description
In October 2014, a Latin American criminal group carried out a combined physical and cyber attack against 17 ATMs belonging to several Malaysian banks, including Al Rajhi Bank, United Overseas Bank, Affin Bank, and Bank of Islam. The attackers opened the top panels of the targeted ATMs without keys, inserted a compact disc carrying the "ulssm.exe" malware into each machine's internal computer, and forced a reboot that left the ATM's controls under the malware's command. CCTV footage showed two to three Latin American males making sequential cash withdrawals from the compromised machines. Losses across the affected banks exceeded $1.2 million USD. Investigators from the Bukit Aman Commercial Crime Investigation Department and the Selangor Commercial Crime Investigation Department confirmed that the reboot was what allowed the attackers to bypass the machines' standard security controls, but stressed that no customer data was exposed, since the ATMs reverted to default settings during the compromise.

Malaysian police recovered at least one ATM card used in the thefts, and it was still active as of the initial reports. Forensic analysis found that the malware drove the cash dispensing mechanism directly without altering the machines' transaction records. The incident was made public on October 1, 2014, through the state news agency Bernama, with Bukit Aman's Commissioner Datuk Mortadza Nazarene confirming the operational details. Based on the transaction timeline and CCTV evidence, investigators assessed that the perpetrators remained in Malaysia, though no arrests had been reported at that point. The incident affected only ATM hardware and cash reserves; no secondary compromise of the banks' networks or of customer accounts was identified during the initial response.
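The sequence described above (panel opened, boot from removable media, an unknown unsigned binary starting, then cash dispensed with no host-authorised transaction behind it) is detectable from ATM host and sensor telemetry if the events are correlated. The following is an added example, not part of this record or of any bank's tooling: the log format, the ATM identifier, the time windows, and every event line are constructed for illustration, and the rules assume the ATM host reports cabinet-sensor, removable-media, boot, process-start, host-authorisation and dispense events into one time-ordered stream.

```python
"""Correlate ATM host/sensor events for the attack pattern in this record.

Rules:
  1. SYSTEM_BOOT shortly after CABINET_OPEN or REMOVABLE_MEDIA -> suspicious reboot
  2. PROCESS_START of an unsigned binary not on the allowlist -> unknown code on the host
  3. DISPENSE with no matching HOST_AUTH just before it      -> cash-out bypassing the bank

The log format and all events below are constructed for this example.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log; not real ATM telemetry. ATM id and times are made up.
SAMPLE_LOG = """\
2014-09-28T02:10:05 ATM=KL-0417 CABINET_OPEN sensor=top_panel
2014-09-28T02:11:40 ATM=KL-0417 REMOVABLE_MEDIA type=optical
2014-09-28T02:12:02 ATM=KL-0417 SYSTEM_BOOT reason=unexpected
2014-09-28T02:14:30 ATM=KL-0417 PROCESS_START name=ulssm.exe signed=no
2014-09-28T02:15:10 ATM=KL-0417 DISPENSE amount=2000 currency=MYR
2014-09-28T02:15:40 ATM=KL-0417 DISPENSE amount=2000 currency=MYR
2014-09-28T02:16:15 ATM=KL-0417 DISPENSE amount=2000 currency=MYR
2014-09-28T09:30:00 ATM=KL-0417 HOST_AUTH txn=771203 amount=500
2014-09-28T09:30:04 ATM=KL-0417 DISPENSE amount=500 currency=MYR
2014-09-28T11:00:00 ATM=KL-0417 SYSTEM_BOOT reason=scheduled
"""

ALLOWED_UNSIGNED: set[str] = set()        # assumption: vendor signs every ATM binary
PHYSICAL_WINDOW = timedelta(minutes=10)   # reboot this soon after physical access is suspect
AUTH_WINDOW = timedelta(seconds=30)       # host authorisation must precede a dispense by at most this


@dataclass
class Event:
    ts: datetime
    atm: str
    kind: str
    fields: dict


def parse_log(text: str) -> list[Event]:
    """Parse 'TIMESTAMP ATM=<id> KIND key=value ...' lines into Event objects."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, atm, kind, *rest = line.split()
        fields = dict(kv.split("=", 1) for kv in rest)
        events.append(Event(datetime.fromisoformat(ts), atm.split("=", 1)[1], kind, fields))
    return events


def correlate(events: list[Event]) -> list[dict]:
    """Apply the three rules in time order; return one alert dict per finding."""
    alerts: list[dict] = []
    last_physical: dict[str, datetime] = {}   # per ATM: most recent panel-open / media event
    pending_auth: dict[str, list[Event]] = {}  # per ATM: host authorisations not yet consumed
    for ev in sorted(events, key=lambda e: e.ts):
        if ev.kind in ("CABINET_OPEN", "REMOVABLE_MEDIA"):
            last_physical[ev.atm] = ev.ts
        elif ev.kind == "SYSTEM_BOOT":
            t = last_physical.get(ev.atm)
            if t is not None and ev.ts - t <= PHYSICAL_WINDOW:
                alerts.append({"rule": "reboot_after_physical_access", "atm": ev.atm,
                               "ts": ev.ts, "reason": ev.fields.get("reason")})
        elif ev.kind == "PROCESS_START":
            name = ev.fields.get("name", "")
            if ev.fields.get("signed") == "no" and name not in ALLOWED_UNSIGNED:
                alerts.append({"rule": "unsigned_process", "atm": ev.atm, "ts": ev.ts, "name": name})
        elif ev.kind == "HOST_AUTH":
            pending_auth.setdefault(ev.atm, []).append(ev)
        elif ev.kind == "DISPENSE":
            # A legitimate dispense is preceded by a host authorisation for the same amount.
            auths = pending_auth.get(ev.atm, [])
            match = next((a for a in auths
                          if a.fields.get("amount") == ev.fields.get("amount")
                          and timedelta(0) <= ev.ts - a.ts <= AUTH_WINDOW), None)
            if match is not None:
                auths.remove(match)            # each authorisation covers exactly one dispense
            else:
                alerts.append({"rule": "dispense_without_host_auth", "atm": ev.atm,
                               "ts": ev.ts, "amount": ev.fields.get("amount")})
    return alerts


def alert_counts(alerts: list[dict]) -> dict[str, int]:
    """Summarise alerts by rule name."""
    counts: dict[str, int] = {}
    for a in alerts:
        counts[a["rule"]] = counts.get(a["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for a in correlate(parse_log(SAMPLE_LOG)):
        print(a)
```

On the constructed log the three 02:15 dispenses fire the host-authorisation rule, the 09:30 dispense is matched to its authorisation and stays silent, and the scheduled 11:00 reboot is ignored because no physical-access event precedes it within the window. The dispense rule is the one that does not depend on the malware's file name, which is why a detection programme should weight it above a simple name match.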
