US charges 31 more suspects linked to ATM malware attacks

A Nebraska federal grand jury charged 31 additional defendants for their involvement in an ATM jackpotting operation allegedly orchestrated by members of the Venezuelan gang Tren de Aragua.

These latest charges follow two previous indictments: a December 9 one charging 22 individuals with conspiracy to provide material support to terrorists and money laundering, and an October 21 indictment that charged 32 defendants with multiple counts of bank fraud, bank burglary, and damage to computers.

The Nebraska grand jury returned the latest indictment, alleging 32 counts, stemming from a scheme that used Ploutus malware to steal millions in cash from bank ATMs across the United States.

Many of the indicted suspects are Venezuelan and Colombian nationals affiliated with the Tren de Aragua (TdA) gang, designated by the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) in December as a Foreign Terrorist Organization.

“TdA grew from a prison gang to a transnational criminal organization to a foreign terrorist organization,” said Chris Eason, co-director of the Justice Department’s Joint Task Force Vulcan. “Using sophisticated malware to empty ATMs and damage U.S. financial institutions that also fund TdA’s terrorist activity will not be tolerated.”

According to court documents, the suspects allegedly deployed Ploutus malware on banks and credit union ATMs nationwide after first opening the machines’ housings and waiting nearby to detect alarm responses.

They installed the malware by removing hard drives, replacing them with pre-loaded drives, or connecting thumb drives. Once deployed, the malware allowed them to delete evidence to conceal the attacks and force the ATMs to dispense cash until empty.

The stolen money was split according to predetermined arrangements, with funds transferred among the crime ring’s members to launder the illegally obtained cash.

In total, the Justice Department has charged 87 Tren de Aragua members over the past six months, with the defendants facing maximum prison terms ranging from 20 to 335 years if convicted.

Last week, South Carolina federal prosecutors also announced that two Venezuelan nationals convicted of a similar ATM jackpotting scheme will be deported after serving their sentences.

7 Security Best Practices for MCP

As MCP (Model Context Protocol) becomes the standard for connecting LLMs to tools and data, security teams are moving fast to keep these new services safe.

This free cheat sheet outlines 7 best practices you can start using today.

Download Now