
OAN Staff Brooke Mallory
4:59 PM – Monday, January 26, 2026
The Department of Justice (DOJ) announced on Monday that it has charged 31 additional individuals in connection with a sprawling, multimillion-dollar “ATM jackpotting” scheme linked to Tren de Aragua (TdA).
Fifty-six others have already been charged, and this latest round of indictments brings the total number of defendants in the case to 87, as federal authorities move to dismantle a financial pipeline purportedly used to fund the violent Venezuelan gang.
“Many of the defendants charged in this Homeland Security Task Force operation are Venezuelan and Colombian nationals including illegal alien Tren de Aragua (TdA) members,” the DOJ announced.
“Tren de Aragua is a complex terrorist organization that commits serious financial crimes in addition to horrific rapes, murders, and drug trafficking,” Attorney General Pamela Bondi added. “This Department of Justice has already prosecuted more than 290 members of Tren de Aragua and will continue working tirelessly to put these vicious terrorists behind bars after the prior administration let them infiltrate our country.”
The charges, returned by a federal grand jury in the District of Nebraska, describe a highly coordinated effort to hack into ATMs across the United States using sophisticated malware to force the machines to dispense their entire reserves of cash.
According to court documents, the conspiracy relied on a variant of the Ploutus malware, one of the most advanced families of ATM-targeting software. The operation was not a simple smash-and-grab; it involved a methodical, three-step technical execution:
- Reconnaissance: Groups would travel in multiple vehicles to scout banks and credit unions, testing whether tampering with the machine’s “hood” or door would trigger a silent alarm or local law enforcement response.
- Physical Incursion: Once a target was deemed safe, conspirators gained physical access to the ATM’s internal components. They would either replace the internal hard drive with one pre-loaded with malware or insert a thumb drive to deploy the malicious code.
- The “Jackpot”: The malware issued unauthorized commands to the ATM’s Cash Dispensing Module, forcing the machine to empty its currency into the hands of the “mules” waiting at the terminal.
“The Ploutus malware was also designed to delete evidence of its presence, creating a false impression to mislead bank employees from discovering the breach,” federal prosecutors continued.
U.S. Attorney Lesley A. Woods for the District of Nebraska stated that the millions stolen from American financial institutions were funneled back to the gang’s leadership to finance a “campaign of terror.” This includes human trafficking, kidnapping and murder.
The investigation is a joint effort by the Homeland Security Task Force (HSTF), the FBI, and the U.S. Secret Service. Deputy Attorney General Todd Blanche emphasized that the DOJ is prioritizing the dismantling of foreign criminal networks that exploit U.S. infrastructure.
“We will not stop until we completely dismantle and destroy TdA and other foreign terrorists that import chaos to America,” Blanche said in a statement.
The 31 newly charged individuals face a litany of counts, including conspiracy to commit bank fraud and bank burglary, conspiracy to provide material support to a foreign terrorist organization, computer fraud and damage to protected computers, and money laundering.
As the investigation continues, federal authorities have since warned financial institutions — especially those using older ATM models running legacy software — to enhance physical security and monitor for unauthorized hardware connections.