Cybercriminals are using a black box with proprietary codes to illegally dispense cash.

The scoop

Threat actors have resorted to using software from Diebold Nixdorf ATMs in a series of hacks against cash terminals across Europe. These attacks come with the use of a black box device and Diebold’s ProCash 2050xe USB terminals are targeted. It is believed by the company that the device used “contains parts of the software stack of the attacked ATM.”

What should you know about the attacks?

  • These attacks are known as jackpotting and aim to illegally dispense cash from ATMs. The attackers connect their device to the dispenser and target the communication to the cash-handling device.
  • In the recent attacks, the actors are destroying the ATM fascia to gain access to the head compartment.
  • After this, the attackers disconnect the USB cable between the CMD-V4 dispense and the special electronics, or the cable between special electronics and the ATM PC.
  • Instead, this cable is connected to the black box device used by attackers to send their malicious cash dispensing commands to the ATM.

Suggestions by Diebold

  • Terminal operators are advised to implement the latest machine protections.
  • Customers are recommended to enforce hard-disk encryption mechanisms to protect the terminal from software modifications.


The bottom line is that it is not yet clear as to how the threat actors gained access to the internal software of the machines. However, no cardholder information has been compromised, as per Diebold.

Cyware Publisher