Hacks of banks' centralised systems had made groups of machines issue cash simultaneously, a process known as "touchless jackpotting", said Group IB.
全球网络安全公司Group IB表示,黑客运用一种名为“自动吐钞”的程序攻击银行的中央系统,从而使多台自动取款机同时自动吐出现钞。
The machines had not been physically tampered with, it said, but "money mules" had waited to grab the cash.
Group IB称,这些自动取款机的硬件并没有被动过手脚,但“钱骡们”却都伺机从中大捞一笔。
Affected countries are said to include Armenia, Estonia, the Netherlands, Poland, Russia, Spain and the UK.
But the company declined to name any specific banks.
但Group IB拒绝透露任何被攻击银行的名字。
Dmitriy Volkov from Group IB told the BBC a successful attack could net its perpetrators up to $400,000 at a time.
Group IB的德米克利•沃尔科夫对BBC说,一次成功的攻击最多可让犯罪团伙净赚40万美元。
"We have seen such attacks in Russia since 2013," he said.
"The threat is critical. Attackers get access to an internal bank's network and critical information systems. That allows them to rob the bank."
Two cash machine manufacturers, Diebold Nixdorf and NCR Corp, told Reuters they were aware of the threat.
"They are taking this to the next level in being able to attack a large number of machines at once," said senior director Nicholas Billett, from Diebold Nixdorf.
"They know they will be caught fairly quickly, so they stage it in such a way that they can get cash from as many ATMs as they can before they get shut down."
'Follow the money'
A recent report by Europol warned of the rise of cash-machine-related malware, although it said "skimming" - using hardware to steal card information at the machine itself - was still more common.
"The new method is being done by somehow gaining access to the banks' central systems and infecting whole communities of ATMs simultaneously, hence multiplying the amount of money that can be stolen in a short time," said Surrey University's cybersecurity expert Prof Alan Woodward.
Because criminals were collecting the cash in person, it made the crime more difficult to trace, he added.
"The classic way of solving online financial crime is to 'follow the money' - but when you can no longer do this, it is very hard to find out who is behind it, even though the evidence suggests it is a very limited number of groups that have started perpetrating this type of crime."