U.S. DOJ Charges 54 Individuals in Major ATM Jackpotting Operation Using Ploutus Malware
The U.S. Department of Justice has announced criminal charges against 54 individuals linked to a large-scale ATM jackpotting operation that used Ploutus malware to steal millions of dollars from financial institutions across the United States.
According to court documents, the group operated as a coordinated cyber-physical crime network, combining physical access to ATM machines with specialized malware to force cash dispensers to release money on command.
How the attack worked
Unlike traditional card skimming, ATM jackpotting requires direct access to the machine. Investigators say attackers followed a structured process:
reconnaissance of targeted banks and credit unions
physical access to ATM enclosures
installation of Ploutus malware via USB devices or replaced hard drives
remote or local execution of commands to empty cash cassettes
The malware was also designed to disable logging and forensic traces, making detection more difficult.
Why this matters
Ploutus malware has been active for years, but this case demonstrates how organized groups continue to combine cyber and physical techniques to bypass traditional security controls.
Federal prosecutors stated that the stolen funds were laundered through international networks, underscoring the global nature of ATM-focused cybercrime.
DIAMATIX Perspective
This case highlights a critical reality for financial institutions:
Cybersecurity is no purely digital. Physical access, endpoint protection, monitoring, and incident response must operate as one system.
ATM and branch infrastructure remain attractive targets when monitoring, segmentation, and integrity controls are insufficient.
Sources:
U.S. Department of Justice (December 2025)
Independent reporting by cybersecurity and financial crime analysts
Trusted · Innovative · Vigilant
