Cybersecurity experts from Group-IB have unveiled the sophisticated UNC2891 campaign, targeting ATMs through a blend of physical intrusion and advanced malware, including the CAKETAP rootkit. The group’s tactics involve the use of Raspberry Pi devices to breach bank infrastructures in Indonesia and a recruitment strategy for proxies to facilitate cash withdrawals. This multi-faceted attack underscores a worrying trend where high-profile ATM incidents are declining, yet threats persist due to evolving methods that marry technical expertise with operational strategy. The persistence and resourcefulness of this criminal entity highlight the ongoing challenges in securing financial systems against such complex cyber threats.