The Carbanak cybercrime group has been active since 2013,
conducting APT-style campaigns targeting multiple organizations with a variety
of malware. This group was mostly low-profile until they stole as much as one
billion dollars from banks in 2015.
Now, however, the group is back: Proofpoint researchers detected two targeted campaigns and infrastructure that may support others linked to the Carbanak group, this time aimed at banking targets in the United States, Middle East and elsewhere.
Estimates suggest that the 2015 attack required three to four
months from initial infection to theft, which raises the question of whether
this is the beginning of the next billion-dollar attack. Based on our research,
it appears that we are observing early stages of an attack employing new
exploits, malicious document attachments, and RATs to target new groups outside
their usual Russian domains.
Interestingly, in these most recent attacks the Carbanak
group used malicious document attachments, URLs linking to documents with known
Microsoft Office exploits, and sophisticated malware to go after targets in the
U.S. and Middle East. The group also expanded its targeting from financial
institutions to seemingly unrelated targets in fire, safety, and HVAC. As we
learned from the Target breach, though, vendors and suppliers can give
attackers a valuable point of entry into their heavily guarded banking industry
targets.
- See more at: https://www.proofpoint.com/us/threat-insight/post/carbanak-cybercrime-group-targets-executives-of-financial-organizations-in-middle-east#sthash.xlVQhKWD.dpuf