Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail

It’s starting to look like the global private sector might have a real problem on its hands. Despite international media attention and a series of high-profile arrests, some of the world’s most prolific cybercriminals only seem to be accelerating their hacking sprees. Financially motivated hacking groups including FIN7, Cobalt Group and the Contact Crew remain active, staying busy well into this year, according to Accenture Security’s 2019 Threatscape report. The cybercrime syndicates, which have haunted financial and retail companies since at least 2016, have spent the first half of 2019 updating their malicious software tools and expanding their reach. The findings are more bad news for international companies, which last year saw cyberattacks rank among the biggest risks for companies worldwide, according to the World Economic Forum. Now, if Accenture’s 102-page report is any indication, the world’s most capable hackers are only fine-tuning their techniques to carry out targeted intrusions. This comes […]

The post Financial hacking teams FIN7, Cobalt Group update tactics to haunt banks and retail appeared first on CyberScoop.


Cobalt Group tries to slip malicious PDFs past bank employees, researchers say

A financially motivated hacking group is trying to evade detection while it targets bank employees across the globe, according to research from cybersecurity company Palo Alto Networks. The Cobalt Group (also known as the Cobalt Gang) this month sent PDF files to bank employees to try to get them to download malicious macros, said researchers from Palo Alto Networks’ Unit 42 threat intelligence team. It is just the latest in a series of activities from a group known for its brazen multimillion-dollar heists on ATMs and the SWIFT banking-transaction system. The recent attack tracked by Unit 42 is simple – the PDF document doesn’t have code or an exploit. Instead, the attackers use social engineering to try to get the bank employees to download the macros. A link embedded in the PDF redirects the target to a malicious document. “Hiding in plain sight is a well-known tactic and that’s what we see these attackers […]

The post Cobalt Group tries to slip malicious PDFs past bank employees, researchers say appeared first on CyberScoop.
