The Carbanak Group, aka Cobalt Group and FIN7, is not yet defeated. The cybercrime gang just tried to break into Russian and Romanian banks with spear-phishing emails loaded with dual malicious links
The Carbanak Group, aka Cobalt Group and FIN7, is not yet defeated. The most financially destructive cybercrime group has just tried to break into Russian and Romanian banks with spear-phishing emails loaded with dual malicious links. The twofer strategy of loading an email with both a Word document and a JPEG – both rigged with malware – appears to be an insurance policy of sorts that the victim will be tempted to click on at least one of the links that leads to the malicious files, according to Richard Hummel, threat research manager for Arbor ASERT, which analyzed the group’s latest attack campaign, quoted in a Darkreading article. “I think it’s more of a redundancy thing with the two vectors,” Hummel says, noting that it’s relatively unusual for cyber attackers to have two malicious links in one phish.
The arrest of the leaders of the cybercrime group didn’t stopped the cyber attacks
In late March, Spanish police arrested the alleged leader of the Carbanak/Cobalt/FIN7’s cybercrime group. It is believed to have stolen more than $1.2 billion from 100-plus banks across 40 countries since it was first observed in 2013. His name was not released, but Spanish authorities reportedly said he was a Ukrainian and identified as “Denis K.” In August, the US Department of Justice announced that three additional high-level leaders of the organization – Ukrainian nationals Dmytro Fedorov, 44, Fedir Hladyr, 33, and Andrii Kolpakov, 30 – were in custody and had been indicted. US law enforcement officials said the cybercrime group stole payment card data from millions of customers via more than 100 US retail companies, including Saks Fifth Avenue, Chipotle Mexican Grill, Arby’s, and Red Robin. Cyber security experts say the group’s ability to continue its operations despite the high-level arrests o, as well as the regular exposure by security researchers of its cyber attack campaigns, demonstrates how hard it is to fully shutter a massive cybercrime operation with global ties.