ECONOMY & WORK
MONEY 101
NEWS
PERSONAL FINANCE
NET WORTH
About Us Contact Us Privacy Policy Terms of Use DMCA Opt-out of personalized ads
© Copyright 2023 Market Realist. Market Realist is a registered trademark. All Rights Reserved. People may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.
MARKETREALIST.COM / NEWS

Here's How The $14 Million Cosmos Bank ATM Heist Was Carried Out

The Cosmos Bank Heist was carried out through ATMs across 28 countries.
PUBLISHED MAY 21, 2024
Cover image source: Unsplash | Photo by Nik
Cover image source: Unsplash | Photo by Nik

On 11 August 2018, a massive “malware attack” was carried out on Cosmos Bank, one of the oldest Urban Co-operative Banks in India. In the heist, several cloned debit cards of the bank were used for thousands of ATM transactions from India and 28 other countries in seven hours. The logistics involved in the heist were staggering and the hackers made off with nearly $14 million as per the BBC.

Cosmos Bank building in India | Wikimedia Commons | Photo by 	Rushikesh.nijampurkar
Cosmos Bank building in India | Wikimedia Commons | Photo by Rushikesh Nijampurkar

What is the Lazarus Heist?

In 2018, a criminal group hired several men in the Indian state of Maharashtra to carry out a heist. The men who thought they were signing up for a minor role in a movie, were used as money mules for a hacker group located thousands of miles away.

The money mules were used to raid ATMs of Cosmos Co-operative Bank, which has its headquarters in Pune, Maharashtra. In the raid, thousands of ATM cash transactions were requested by the money mules at different locations.



 

While the bank staff was notified of the suspicious activity, it took them some time to inform the card payment company, Visa to block all transactions. This delay cost the bank massively as about 12,000 separate withdrawals from ATMs around the world had taken place.

The grand scale heist was carried out with meticulous synchronization in 28 different countries, including the U.S., the UK, the United Arab Emirates, and Russia. Investigators eventually traced the heist’s origins to a shadowy group of hackers called Lazarus, from North Korea.

Here’s how the 'Cosmos Heist' was carried out

As per the BBC report, the hackers used a technique called "jackpotting" to get the ATMs to spill cash. It is like hitting the jackpot on a slot machine. The hackers sent a phishing mail to infect the bank’s systems. As the mail was opened by an employee, it infected the computer network with malware.



 

Once the hackers were inside the bank’s system, they manipulated a software called the ATM switch, which sends messages to a bank to approve a cashpoint withdrawal.

With this, the hackers could allow ATM withdrawals from their accomplices anywhere in the world. However, they couldn’t change the maximum transaction limit so they needed a large number of fake debit cards and cash mules to carry out the heist.

They allegedly hired a person called Big Boss who had posted tips on the dark web on how to carry out credit card fraud. Big Boss claimed to have the equipment to make cloned ATM cards and had access to a group of money mules.

The group created "cloned" ATM cards using genuine bank account data and hired the money mules under disguise.

In 2019, Big Boss was arrested in the U.S. and he pleaded guilty to offenses including laundering funds from alleged North Korean bank heists. Meanwhile, North Korea has strongly denied the Lazarus Group’s existence and any involvement in the Cosmos Bank Heist. 



 

However, in 2021, the FBI, the Secret Service, and the Department of Justice announced charges against three suspected Lazarus Group hackers. Jon Chang Hyok, Kim Il, and Park Jin Hyok were accused of working with North Korea's military intelligence agency, back in Pyongyang.

Action against North Korea

The U.S. and South Korean authorities estimate that 7,000 trained hackers are working from North Korea. In September 2017, the UN Security Council imposed strict sanctions on North Korea, limiting fuel imports and exports. It also demanded UN member nations send North Korean workers home by December 2019.



 

Despite strong action, the hackers appear to be still active. The BBC reported that they are now targeting crypto companies and are estimated to have stolen around $3.2 billion.

MORE ON MARKET REALIST
The Aussie waitress, shared her experience of serving the global star with “Sunrise”.
4 hours ago
The 64-year-old real estate mogul said that one should "only buy things that produce cash flow that can't be disrupted".
18 hours ago
With the $40 he had, he spent $20 on gas and with the rest, he bought the scratch-off ticket to try his luck.
22 hours ago
Burgundy Waller has a RFID chip implanted in her hand and the video has left us stunned.
1 day ago
While the customer paid the price out of respect, viewers claimed there were many ways to escape.
1 day ago
Some lottery winners go to great lengths to remain anonymous.
2 days ago
The woman who believed that the 'Rapture' would occur on April 8, definitely had a rude awakening.
2 days ago
Amid more flight delays and other unforeseeable events at airports, the Department of Transportation will compensate passengers. Here's what we know.
2 days ago
Since only a small amount of money was involved in each incident, they were considered "minor crimes".
3 days ago
The dress from the 'Sultan of Sequins' had much more value than what the owner expected.
4 days ago
Grant Cerwin sent an email to Craig Jelinek asking if Costco could donate one of the famous 93-inch teddy bears for his middle school fundraiser in LA.
4 days ago
The problem occurred across the airline's app and some booking platforms including a top website.
4 days ago
While the restaurant claims it wasn't related to the tip, the waitress has a different story to tell
5 days ago
"Seriously, how desperate are they for money?" a Reddit post said sharing the listing.
5 days ago
A "gift from God," Otha Anders started collecting pennies after he found one lying on the ground.
5 days ago
The companies and the world learned a valuable lesson of vetting email IDs before handing out money
6 days ago
He got a check for $50,000 every year, for the next 20 years and pocketed $38,000 after taxes.
6 days ago
Actor Charlie Sheen is most known for his role on syndicated tv show 'Two and a Half Men.' How much are reruns paying him?
7 days ago
Jaime Siminoff, whose pitch was rejected by all but one shark, walked out without a deal. He returned to the show as a millionaire investor.
7 days ago
"You know we're getting old when Pokemon is on Antiques Roadshow."
7 days ago