U.S. DOJ Charged 54 in Connection With ATM Hacking Attack by Deploying Ploutus Malware

The U.S. Department of Justice (DOJ) has charged 54 individuals in a sweeping crackdown on a transnational cyber-physical attack network.

The indictments, announced by U.S. Attorney Lesley A. Woods, allege a massive conspiracy involving “ATM jackpotting” to fund Tren de Aragua (TdA), a designated Foreign Terrorist Organization.

The coordinated operation targeted a sophisticated criminal ring that deployed the notorious Ploutus malware to siphon millions of dollars from ATMs across the United States.

[Image: locations of alleged jackpotting incidents committed across the United States]

The Ploutus Connection

According to court documents, the attackers utilized a variant of the Ploutus malware to compromise financial institutions.

Unlike traditional skimming attacks that steal card data, “jackpotting” involves physically intruding into the machine to force it to dispense cash on command.

The indictment outlines a methodical process used by the conspirators:

  • Reconnaissance: Teams scouted target banks and credit unions to assess external security measures.
  • Physical Access: Attackers physically opened the ATM’s hood or door.
  • Deployment: The malware was installed by either replacing the ATM’s hard drive with a preloaded drive or by connecting an external device, such as a USB drive, to the machine.
  • Execution: Ploutus issued unauthorized commands to the Cash Dispensing Module, causing the machine to empty its currency.

[Image: a few of the alleged ATM burglaries in progress]

The malware was also designed to delete logs to conceal the intrusion.
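
The stages listed above, together with the log deletion, leave a correlated trail that a central monitoring system can look for. The following is an added example, not taken from the indictment or this article: the event names, telemetry tuple layout, and 15-minute window are all assumptions, and the sample events are constructed.

```python
from collections import defaultdict

# Hypothetical event kinds mapped to the stages described in the article.
STAGE = {
    "cabinet_open": "physical_access",   # hood or door opened
    "usb_attach": "media_change",        # external device connected
    "disk_changed": "media_change",      # hard drive swapped (serial mismatch)
    "log_gap": "log_tampering",          # collector sees missing or reset journal
}
WINDOW = 900  # assumed correlation window in seconds

# Constructed sample telemetry: (epoch seconds, ATM id, event kind, detail)
SAMPLE_EVENTS = [
    (1000, "ATM-A", "cabinet_open", "scheduled service visit"),
    (1100, "ATM-A", "dispense", "txn=88121"),
    (5000, "ATM-B", "cabinet_open", "no work order"),
    (5090, "ATM-B", "usb_attach", "mass storage"),
    (5200, "ATM-B", "dispense", "txn=none"),
    (5215, "ATM-B", "dispense", "txn=none"),
    (5400, "ATM-B", "log_gap", "journal sequence reset"),
    (7000, "ATM-C", "disk_changed", "serial mismatch"),
    (7300, "ATM-C", "dispense", "txn=none"),
]

def detect_jackpotting(events, window=WINDOW):
    """Flag ATMs that dispensed cash with no host-authorized transaction and
    list which tamper stages occurred within `window` seconds of the first one."""
    by_atm = defaultdict(list)
    for ts, atm, kind, detail in sorted(events):
        by_atm[atm].append((ts, kind, detail))
    alerts = {}
    for atm, evs in by_atm.items():
        # A dispense that the transaction host never authorized is the core signal.
        rogue = [ts for ts, kind, detail in evs
                 if kind == "dispense" and detail == "txn=none"]
        if not rogue:
            continue
        first = rogue[0]
        stages = {STAGE[kind] for ts, kind, _ in evs
                  if kind in STAGE and abs(ts - first) <= window}
        alerts[atm] = {
            "first_dispense": first,
            "unauthorized_dispenses": len(rogue),
            "stages": sorted(stages),
        }
    return alerts

if __name__ == "__main__":
    for atm, alert in detect_jackpotting(SAMPLE_EVENTS).items():
        print(atm, alert)
```

Because the malware deletes logs on the machine itself, this kind of correlation only works when events are forwarded off the ATM as they occur.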

Federal prosecutors allege the stolen funds were laundered to Venezuela to support TdA leadership, including the gang’s notorious head, Hector Rusthenford Guerrero Flores (a.k.a. “Niño Guerrero”).

Among those charged is Jimena Romina Araya Navarro, a Venezuelan entertainer and alleged TdA leader, accused of providing material support to the organization.

“The Criminal Division will not tolerate networks of thieves who breach the security of our financial system,” said Acting Assistant Attorney General Matthew R. Galeotti.

According to court documents, the 54 defendants face severe charges ranging from bank fraud and computer damage to providing material support to terrorists. If convicted, they face prison terms ranging from 20 to 335 years.
