■■■□□ UNC2891 Bank Heist: Physical ATM Backdoor & Linux Forensic Evasion Evasion
Deep dive into UNC2891’s multi‑stage bank intrusion: Raspberry Pi ATM implant, bind mount evasion, Dynamic DNS C2, and a CAKETAP move toward HSM manipulation.
https://www.group-ib.com/blog/unc2891-bank-heist/