NgCERT Warns of $2 Million ATM Cash-Out Cyberattack on UBA Senegal

NgCERT issued a cybersecurity advisory on June 25, 2026, alerting financial institutions of a coordinated ATM cash-out attack that resulted in losses exceeding $2 million at UBA Senegal. The attack involved 3,421 fraudulent withdrawals executed by cybercriminals who compromised the bank's card authorization infrastructure. Attackers gained access through phishing, supply chain vulnerabilities, or insider assistance, allowing them to manipulate transaction controls. This incident highlights a sophisticated methodology that poses a significant threat to banks across Africa. NgCERT emphasized the potential for massive financial losses, operational disruptions, and reputational damage if such vulnerabilities are exploited. Recommendations include strengthening security controls, implementing multi-factor authentication, and enhancing real-time transaction monitoring. The advisory underscores the urgency for banks to act to prevent similar incidents.

Key Points: • NgCERT reported a $2 million loss from ATM cash-out attacks on UBA Senegal. • Attackers compromised card authorization systems, enabling large-scale fraudulent withdrawals. • Financial institutions are urged to enhance security measures to prevent future attacks.