The story of Carbanak began when a bank from Ukraine asked us to help with a forensic investigation. Money was being mysteriously stolen from ATMs. Our initial thoughts tended towards the Tyupkin malware. However, upon investigating the hard disk of the ATM system we couldn't find anything except a rather odd VPN configuration (the netmask was set to 172.0.0.0).
more here.......http://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/
more here.......http://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/