Khaberni - In a notable development in the cybercrime file, a federal grand jury in Nebraska, USA, has revealed charges against an additional 31 people as part of what the authorities describe as a national conspiracy to hack ATMs, bringing the total number of defendants in the case to 87.
The charges include conspiracy to commit bank fraud, bank theft, and electronic fraud, following two previous indictments issued in October and December 2025, which targeted another 56 individuals, according to a report published by "slashgear" and reviewed by "Al Arabiya Business".
Millions of dollars via "Jackpotting" technology
According to a statement from the US Department of Justice, the plan relied on implanting malicious software inside ATMs in several states, using a method known in cybersecurity circles as "Jackpotting".
This technique involves forcing the ATM to eject cash when it receives unauthorized commands, without the need for bank cards or account details.
According to the prosecution, the defendants connected an external storage device — such as a USB drive — containing the malicious software, enabling them to withdraw millions of dollars illegally.
The investigation is led by the FBI in Omaha, in cooperation with the Homeland Security Investigations and several law enforcement agencies across the country, while the prosecution is handled by both the Computer Crime and Intellectual Property Section of the Justice Department and the Attorney General's Office in Nebraska.
How was the hack executed?
Despite the complex nature of the attack, the technical mechanism was simpler than many might expect. Essentially, an ATM is just a conventional computer, often running on systems like Windows 10 LTSC 2015, which has recently reached the end of technical support.
By relying on standard components that include USB ports and traditional connections, the device becomes vulnerable to the same types of malicious software that might infect home computers — provided that there is physical access to its internal components.
The indictment mentions the use of a modified version of a malicious software known as "Ploutus", which was first detected in Mexico in 2013 and targets an intermediate software layer known as XFS (short for eXtensions for Financial Services).
This layer acts as a link between the operating system and the cash dispensing unit within the device. "Ploutus" exploits this intermediary to bypass legitimate banking transaction systems and send direct commands to the cash dispenser.
This method differs radically from traditional "Skimming" operations that target card data, attacking the device directly.
Advance scouting and execution in minutes
As informed by the Justice Department, the network members operated in groups, using multiple vehicles to scout banks and credit unions targeted, monitoring camera locations and alarm systems.
After opening the machine's outer casing, they would wait to ensure there was no security response before installing the malicious software.
This was done either by replacing the hard drive or connecting an external storage unit.
The investigations indicate that the entire operation usually took no more than ten minutes, with the software designed to erase its tracks after execution, which complicated the process of breach detection by bank employees.
Continuous development of the software
"Ploutus" is a well-known software family among law enforcement agencies for over a decade.
According to previous reports by Europol and Trend Micro, the software has undergone significant developments.
Initially, it required CDs for installation, but later versions became more complex, involving, in some cases, the concealment of a mobile phone inside the device's structure, allowing a text message to activate a cash dispensing command remotely.
Possible penalties up to 335 years
If convicted, the defendants face prison sentences ranging from 20 to 335 years, depending on the charges attributed to them.
However, the indictment remains a procedural first step, as all accused are presumed innocent until final judicial rulings are issued.
