Nigerian hackers exploited UCPB bank vulnerabilities to steal millions from online bank & ATMs during Philippines Independence Day

During the most recent Philippine Independence Day holiday (held in June), a hacker group managed to steal millions of Philippine pesos from United Coconut Planters Bank (UCPB) using a combination of massive ATM withdrawals and online transfers during the three-day holiday.

With the first investigations concluded, Philippine authorities have revealed that the attack was allegedly perpetrated by local hackers in complicity with local cybercriminals, who managed to make about 60 withdrawals at a single ATM, completely emptying the machine.

Another detail revealed about the incident is that the total stolen comes to 167 million Philippine pesos (around $35 million USD). According to one source, the authorities are looking at whether the crime was perpetrated with the collaboration of staff inside the targeted bank.

Other reports indicate that a much larger and more dangerous hacker group could be behind the incident, as a fraction of the stolen money was transferred through online operations to accounts at other local banks, from which the money was withdrawn moments after the attack.

The anonymous informant claims that at least 13 bank accounts were created for this purpose; the accounts used by the hackers are inactive: “The owners of these accounts are being investigated by local authorities”. The informant also mentions that complaints are being filed against holders of other accounts potentially linked to the embezzlement.

The authorities remain surprised by the cunning of the hackers, who took advantage of the low activity over the holidays to complete the mass heist with the help of the bank’s ATM network. As mentioned in previous paragraphs, the criminals managed to make 57 withdrawals from a single ATM, activity that could be verified by analyzing the bank’s surveillance videos. It was the local authorities who analyzed the videos, discovering that those who made these cash withdrawals were Nigerian immigrants.

As for how the hackers went unnoticed, the informant believes the problem began when the bank decided to upgrade its computer systems, migrating much of its IT infrastructure to services offered by Microsoft: “Many of us believe this generated an exploitable vulnerability,” says the anonymous informant.