Report

UNC2891: ATM Threats Never Die

Pages: 71

This report analyzes the long‑running cyber threat group UNC2891, showing how ATM‑focused attacks continue to evolve rather than disappear. It outlines key findings, the challenges of attributing operations, and a detailed kill chain used to compromise targeted bank networks. Case studies from 2022 to 2024 involving multiple Indonesian banks reveal consistent techniques, including STEELCORGI malware, privileged access escalation, lateral movement, and coordinated cash‑out operations using money mules. The report highlights the group’s persistent tactics and emphasizes the need for strong threat intelligence to detect and disrupt similar financial cybercrime campaigns.
