Skip to content ↓ | Skip to navigation ↓

The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000.

GSBlogoOn 23 August, GSB shut down approximately 47 percent of its ATM network when it disabled service to approximately 3,300 of its 7,000 machines. The affected machines are of the Scotland-based NCR brand.

The decision follows GSB’s discovery that five Eastern Europeans stole 12 million baht from 21 of its machines in six provinces – Phuket, Surat Thani, Chumphon, Prachuap Khiri Khan, Phetchaburi and Bangkok.

According to Bangkok Post, officials involved with the investigation say they have surveillance tapes of the alleged suspects at work. The footage shows them inserting electronic cards made in Ukraine into the 21 ATMs, which had previously been infected with malware. The attackers then dispensed millions of baht before some of them reportedly fled the country.

They withdrew the money directly from the bank, GSB president Chartchai Payuhanaveechai is careful to point out, and not from customers’ accounts.

“The GSB wants to inform the public and customers about the reason behind the closing of some ATM machines and to prevent more damage to the bank. This theft is not related to customers’ accounts and money.”

This might not be the thieves’ first time targeting ATMs, either.

Police general Panya Mamen believes the same Eastern Europeans used ATM malware to steal approximately $2.1 million from the top eight banks in Taiwan back in July, forcing the financial institutions to shut down their ATM networks.

As quoted by local media:

“As of now the evidence we have found makes us confident that this group is linked to the gang who committed a similar robbery in Taiwan. Investigators believe their identity is Eastern European though we are investigating whether any Thais were involved.”

Investigators are currently looking for the suspects.

In the meantime, GSB has sent infected hard disks of the affected ATMs to NCR for analysis. It has also since resumed service for 3,343 ATMs supplied by the vendor after thoroughly checking those machines.

News of this heist follows several months after attackers abused the SWIFT banking network to target banks in Vietnam, Ukraine, Bangladesh, and elsewhere with fraudulent money transfers.