Cybercrime crew Cobalt goes phishing in Eastern Europe
US-based firm Netscout has spotted a new hacking campaign by Cobalt, a cybercrime group suspected of targeting financial institutions throughout the world.
The group often makes use of ATM malware to target these institutions. Researchers believe it is responsible for a series of attacks on the SWIFT banking system, costing millions in damages to the impacted entities.
Netscout researchers spotted this new campaign on 13 August, targeting institutions in Eastern Europe and Russia. The active campaigns use spear phishing to gain entry, posing as a vendor or partner and using tools to bypass Windows defences.
The firm explains that it has found a total of two attacks, targeting NS Bank in Russia and Banca Comercială Carpatica / Patria Bank in Romania.
Within these campaigns, researchers found malicious URLs in one phishing email, weaponised Word documents, as well as dangerous JPG files.
Netscout was able to identify Cobalt Group as the source based on the command-and-control (C2) servers used by the binaries.
Cobalt has been naughty before. As reported in March, the European Banking Federation’s (EBF) Cybersecurity Working Group played a part in the arrest of a key member of a global cybercrime syndicate responsible for more than 100 digital bank robberies in 40 countries.