
Cobalt cyber heist group mounts new campaign

Security researchers have discovered a new campaign, believed to be linked to a notorious cyber crime group, that uses two malicious links to double the chances of infection

Researchers at security firm Netscout have discovered a financially motivated cyber attack campaign that could be linked to the Cobalt Group, which is believed to be responsible for cyber heists costing millions.  

Similarities in phishing emails used in the new ongoing campaign targeting financial institutions in Eastern Europe and Russia led researchers to suspect a link to the Cobalt Group, which has targeted mainly financial organisations in the past, often by using automatic teller machine (ATM) malware.

The latest campaign, discovered on 13 August, is using spear phishing attacks to steal legitimate credentials to bypass security defences and gain entry to banking IT systems. The emails appear to come from a financial supplier or partner, increasing the likelihood of infection.

One phishing email analysed by the researchers contained two malicious links. One is a weaponised Word document that contains obfuscated VBA [Visual Basic for Applications] scripts, and the other is a binary (executable file) with a .jpg image file extension.

Making use of separate infection points in one email with two separate command and control servers is unusual and could be aimed at increasing the likelihood of success, the researchers said.

The binaries analysed contained two unique command and control servers, which Netscout researchers believe are owned and operated by the Cobalt hacking group.

They think the cyber attack group will continue targeting financial organisations in Eastern Europe and Russia based on the attack methods in this campaign.

Banking and other financial institutions are advised to ensure that employees are trained to spot phishing emails.


These and other organisations should also ensure they have the capability to inspect emails closely to identify fake domains that might contain malicious attachments or links.
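As an added illustration (not code from Netscout or from this article), the sketch below shows one way a mail or web gateway could triage the two kinds of lure described above: an executable served under an image extension, and a Word document carrying VBA. The finding labels, filenames and sample bytes are constructed for the example.

```python
import io
import os
import zipfile

IMAGE_EXTS = {".jpg", ".jpeg", ".png", ".gif"}
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls container

def triage(filename, data):
    """Return a list of findings for one file fetched from an emailed link."""
    findings = []
    ext = os.path.splitext(filename)[1].lower()
    # Windows executable: "MZ" header, offset of "PE\0\0" stored at byte 0x3C.
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_off = int.from_bytes(data[0x3C:0x40], "little")
        if data[pe_off:pe_off + 4] == b"PE\0\0":
            findings.append("pe-executable")
            if ext in IMAGE_EXTS:
                findings.append("executable-with-image-extension")
    if ext in {".jpg", ".jpeg"} and data[:3] != b"\xff\xd8\xff":
        findings.append("not-a-jpeg")
    if data[:4] == b"PK\x03\x04":
        # OOXML Word files are ZIPs; macro-enabled ones carry vbaProject.bin.
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as z:
                if any(n.lower().endswith("vbaproject.bin") for n in z.namelist()):
                    findings.append("office-doc-with-vba")
        except zipfile.BadZipFile:
            findings.append("corrupt-zip")
    elif data[:8] == OLE2_MAGIC:
        # Legacy OLE2 documents need a dedicated parser to confirm macros.
        findings.append("ole2-document-check-for-macros")
    return findings

def constructed_samples():
    """Build harmless stand-in files (constructed, not real samples)."""
    pe = b"MZ" + b"\0" * 0x3A + (0x40).to_bytes(4, "little") + b"PE\0\0"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/document.xml", "<w:document/>")
        z.writestr("word/vbaProject.bin", b"\0" * 8)
    jpeg = b"\xff\xd8\xff\xe0" + b"\0" * 16
    return {"invoice.jpg": pe, "statement.doc": buf.getvalue(), "photo.jpg": jpeg}

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, triage(name, blob))
```

The check keys on file content rather than the name in the link, so a renamed executable is flagged regardless of the extension it is served under.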

Cobalt Group’s operations appear to be continuing despite the arrest earlier this year of the suspected mastermind behind the bank heists by the Cobalt and Carbanak groups.

The wider criminal operation uses both Carbanak and Cobalt malware and is linked to the theft of up to $1bn from financial institutions in more than 40 countries.

According to Europol, the Cobalt malware enables criminals to steal up to €10m in each heist.
