A common theme for Cobalt is to start with spear-phishing emails to gain the initial entry. In financial attacks, the emails usually masquerade as other financial institutions or a financial supplier/partner domain to gain the target’s trust.
In 2017, it was reported that Cobalt had expanded its range to also target government, telecom/Internet, service providers, manufacturing, entertainment, and healthcare organizations, often using government organizations and ministries as a stepping stone for other targets.
In an analysis of the new campaign, Netscout’s ASERT researchers found that the cybergang used phishing emails that contained malicious URLs.
Cobalt is credited with the theft of USD 9.7 million from the Russian Metallinvestbank; ATM thefts of USD 2.18 million from Taiwan banks; a SWIFT attack on Russian banks; and more than 200 other attacks on banks in Europe, Thailand, Turkey and Taiwan.