Starting May 13, 2024, the Secret Service's Global Investigative Operations Center (GIOC) has identified a new jackpotting attack targeting retail ATMs in the U.S. This attack involves remotely accessing ATM software via a malicious IP address and spoofing the Remote Management Solutions (RMS) program to execute a man-in-the-middle (MiTM) attack. The attackers manipulate settings to raise withdrawal limits and approve declined transactions, debiting the ATM without charging the card used.