Kaspersky Lab welcomes recent law enforcement operation against Carbanak group

Information Technology Press Releases Wednesday March 28, 2018 14:28
Bangkok--28 Mar--Kaspersky Lab

"The recent success in the fight against the Carbanak cybercriminal group is very good news for the whole industry and highlights how the exchange of information between countries is especially important in countering cybercrime," says Sergey Golovanov, Principal Security Researcher in the Global Research & Analysis Team, Kaspersky Lab.

Carbanak is an advanced persistent threat (APT)-like campaign, using targeted attack tools to hit financial institutions around the world for the main purpose of theft.

It was uncovered in 2015 by Kaspersky Lab together with INTERPOL, Europol and a number of other law enforcement authorities, based on incidents dating back to 2013. At the time, the group was using a range of tools, including a program called Carbanak. After the publication of Kaspersky Lab's findings in 2015, the group adapted its tools and started to use Cobalt Strike malware as well as its servers' names and infrastructure.

The group uses social engineering techniques, such as phishing emails with malicious attachments (for example Word documents with embedded exploits), to target employees in financial institutions of interest. Once a victim is infected, the attackers install a backdoor designed for espionage, data theft and remote management of the infected system, looking for financial transaction systems.

At the time of discovery, Kaspersky Lab researchers estimated that the Carbanak group had stolen up to $1 billion. Since 2013, the group has hit more than 100 banks, e-payment systems and other financial organizations, in at least 30 countries in Europe, Asia, North and South America, and other regions, stealing more than billions of dollars from victims.

Based on the successful research into Carbanak, in 2016, Kaspersky Lab discovered two groups acting in a very similar way to Carbanak – Metel and GCMAN. They were attacking financial organizations using covert APT-style reconnaissance and customized malware, along with legitimate software and new, innovative schemes to cash out. Other actors have also implemented Carbanak-like techniques, tactics and procedures, for instance Lazarus and Silence.

Given the international scale of these actors' activities, we believe that there are dozens of people involved in this cybercrime activity. Artefacts discovered in the malicious files and on victims' computers suggest that the creators of the Carbanak malware are Russian-speaking. However, to perform cybercriminal activities in each country, the group generally also looked for a native speaker.

