ATMitch: remote administration of ATMs

In February 2017, we published research on fileless attacks against enterprise networks. We described the data collected during incident response in several financial institutions around the world, exploring how attackers moved through enterprise networks leaving no traces on the hard drives. The goal of these attackers was money, and the best way to cash out and leave no record of transactions is through the remote administration of ATMs.

https://securelist.com/blog/sas/77918/atmitch-remote-administration-of-atms/