Crime Bulgarian National Arrested for Planting Malware in ATMs

[Georgealbert]

 

Picture courtesy of Khaosod.

 

A 50-year-old Bulgarian man has been arrested in connection with a sophisticated scheme to disable ATM machines across Thailand by installing data transmission cables embedded with malware. Authorities say the cyberattack has already affected at least 13 machines and has caused serious disruption to financial institutions.

 

The arrest was announced at a press conference on 28 May, held at the Technology Crime Suppression Division 2 (TCSD2) in Muang Thong Thani, where senior police officials, including Police Lieutenant General Trirong Phiwphan and Police Major General Siriwat Deepor, confirmed the suspect’s involvement in a wider network of international criminals targeting ATM infrastructure.

 

According to Police Colonel Weerkwin Sermsri Thanachai, the case was triggered in March 2025 when a financial institution reported suspicious activity involving an individual posing as a legitimate ATM maintenance technician. The suspect, equipped with a master key, allegedly opened ATM cabinets, replaced internal data cables and removed the original cables.

 

Subsequent investigations revealed that the replacement cables contained a virus known as “Jackpot,” which could be activated via an embedded SIM card using internet signals. The malware disrupted the machines’ electrical systems, rendering them unable to dispense cash, thus undermining the country’s financial security.
 

Police investigators tried to trace the suspect and his accomplices, believed to be two or three foreign nationals, using CCTV footage. They identified a rented white Honda City vehicle used in the operation and tracked it to the rental company, which provided the suspect’s personal information. Surveillance led police to a residence in Bang Phlap, Pak Kret district, Nonthaburi.

 

On 27 May, officers executed a search warrant issued by the Nonthaburi Provincial Court and arrested Mr. Ivan Valtsev at the premises. Inside the house, police recovered several stolen data cables and computer equipment believed to be linked to the crimes.

 

Mr. Valtsev faces a slew of charges, including night-time theft involving security breaches, the unauthorised interception of computer data, malicious modification of computer systems, and actions aimed at disrupting the functionality of critical infrastructure. The charges also include unauthorised access to secured computer systems used by banks and other financial institutions, with potential implications for national economic and public security.

 

The malware installed on the ATMs, meant the machines were fully under the control of the suspect to dispense cash as required, to him or his accomplices only.

 

The suspect has partially denied the allegations, claiming he was only responsible for opening the ATMs and that the equipment found in his possession belonged to him. Police are now intensifying efforts to locate his accomplices and investigate any broader network involved in the cybercrime. Full details will be released as the investigation continues.

 

The case highlights increasing concerns over digital threats to financial institutions and the need for robust cybersecurity measures in Thailand’s banking sector.

 

 

  Adapted by Asean Now from Khaosod 2025-05-29.

 

 

 

[webfact]

 

 

Pictures courtesy of Siam Rath

[Enoon]

The malware doesn't disable machines.

 

On the contrary.....they chuck out cash to order when an accomplice turns up to collect it. 

 

"Everything you need to know about ATM jackpotting attacks..........The term jackpotting was inspired by a hacker called Jack Barnaby, who demonstrated a jackpotting act at the Black Hat Security Conference in 2010. After he conducted a successful hack, the word Jackpot appeared on the ATM’s screen while it was spewing piles of cash........To avoid suspicion, hackers dress up like ATM technicians. After gaining access to the ATM’s internal computer, the attacker inserts a malware-ridden USB device and, with the help of the ATM’s keyboard, activates the ATM malware."

 

https://nordvpn.com/blog/atm-jackpotting/

 

[smedly]

2 hours ago, Georgealbert said:

posing as a legitimate ATM maintenance technician. The suspect, equipped with a master key, allegedly opened ATM cabinets, replaced internal data cables and removed the original cables.

really ?

[Digitalbanana]

2 hours ago, Georgealbert said:

The suspect, equipped with a master key, allegedly opened ATM cabinets, replaced internal data cables and removed the original cables.

A master key in the wrong hands suggests either insider involvement, theft of legitimate keys, or vulnerabilities in the key management system of the ATM manufacturer or bank.

[save the frogs]

finally a bulgarian in the news.

 

i didnt even know that was possible.

 

some of world's best hackers are from that part of the world. 

 

[Quentin Zen]

2 hours ago, Georgealbert said:

arrested Mr. Ivan Valtsev

This is why I only go to the main branch in a city to withdraw money. Usually, there's a security guard on his phone, but it's better than nothing. My feeling is he didn't work alone. Get into his phone, arrest all his contacts in Thailand, and Blacksite until they talk. This is the tip of the iceberg.   It's too bad they can't sue Bulgaria, have the embassy pay, or be gone.   Fines of billions.   Gotta get that money.  

[khunjeff]

7 hours ago, Georgealbert said:

The suspect has partially denied the allegations, claiming he was only responsible for opening the ATMs and that the equipment found in his possession belonged to him.

 

Oh, so then everything is fine, nothing to see here 😅

[norsurin]

Scumbag..hope u rotten in jail.

[riverhigh]

Jail and  interrogate  by all means necessary until he informs  on his associates. Forget the BS that machines were his. No financial institution would ever allow an ATM leasing company to tamper with their machines. With all the equipment in his room and he had the audacity to think that the police were dumb enough to beleive he was just opening the ATM machine.  Zero sympathy for this hardened criminal. He knew exactly what he was doing and needs to be made an example of with a lenghty jail senetence. 

[Jing Joe]

Quite smart sleuth work on the part of the Thai police.

[hotchilli]

Seems strange they'd let a foreigner open and ATM machine when everything appears to be working just fine ?

[Joe Boy Walton]

8 hours ago, Georgealbert said:

rendering them unable to dispense cash, thus undermining the country’s financial security.

Hmmmm, doesn't say much about LOS financial security if a dodgy ATM could bring it all crashing down.

[Freddy42OZ]

24 minutes ago, riverhigh said:

Jail and  interrogate  by all means necessary until he informs  on his associates. Forget the BS that machines were his. No financial institution would ever allow an ATM leasing company to tamper with their machines. With all the equipment in his room and he had the audacity to think that the police were dumb enough to beleive he was just opening the ATM machine.  Zero sympathy for this hardened criminal. He knew exactly what he was doing and needs to be made an example of with a lenghty jail senetence. 

A quick execution and then his photo on the wall in the airport so all arriving passengers walk past a long list of executed criminals, with their nationality, age and the crime they were executed for.

People need to be scared into not breaking the law.

[arick]

I can't even get all these cables to work and connect my SS drive to my new computer

[Dave0206]

Makes you wonder when they were going to pull the trigger and empty the machines and how many more machines were on his hit list ?

I assume they watch for machines to be refilled how much would a machine hold 1million? I really don't know 

[ukrules]

9 hours ago, Georgealbert said:

thus undermining the country’s financial security.

A bit of an overreaction huh?

[Jiggo]

How refreshing a Bulgarian for a change, not the normal Brit, Yank or Russian sorry nearly forgot Auzzie 

[edwardflory]

The charge, """disrupting the functionality of critical infrastructure""" ought to be good for a "life term" in prison.

[spidermike007]

I wonder how many foreign ATM specialists there are legally working here in Thailand? 

 

The moral of this story is never try to steal money from a bank, and if you're going to steal it steal it at arm's length with a master hacker, and make sure it's at least 50 million dollars, otherwise it's not worth the risk. 

[JoseThailand]

7 hours ago, save the frogs said:

some of world's best hackers are from that part of the world. 

 

Somehow the best hackers and scammers come from poor countries

[Magictoad]

Give him a hiding he will never forget then send him to the Soviet Union after 25 years here.

[Magictoad]

6 minutes ago, JoseThailand said:

 

Somehow the best hackers and scammers come from poor countries

He got caught! The best ones don't.

[Tarteso]

Smart Police… including finger point 👍

[Andrew65]

10 hours ago, save the frogs said:

finally a bulgarian in the news.

 

i didnt even know that was possible.

 

some of world's best hackers are from that part of the world. 

 

Some years ago it was reckoned that many of the best IT people come from Russia.

[newbee2022]

14 hours ago, Georgealbert said:

Mr. Valtsev faces a slew of charges,

Including a missing work permit I reckon 😂

[Peabody]

I'm curious about the thick, black eyeglasses in the 2nd photo. Maybe smart-glasses, with a zoom camera or somesuch to see PINs?

[factual monk]

He should have stopped after 12 ATMs... and swindled...

13 is an unlucky number and he got caught... 

 

[tjintx]

I asked my bank if I could get an ATM master key, just to open the ATM devices, nothing more.    I'll advise this thread when they reply, I feel pretty good about this.

[wensiensheng]

I somehow doubt that he intended to bring down the financial system of Thailand. Doing that one atm at a time would take a lifetime.

 

Seems to me he just wanted atm machines to dispense boatloads of cash to him and his mates.