A notorious hacking group that targets financial organisations and is thought to be the perpetrator of cyber attacks against the SWIFT banking network and ATM systems has launched a new campaign targeting employees of two banks.
The Cobalt cyber crime gang is suspected of striking banks in more than 40 countries and potentially making as much as €10 million per heist. It’s estimated the attacks have caused over €1bn in damages.
Despite the suspected leader of the group being arrested as part of a Europol operation in March this year, Cobalt remained active, with security firms detecting new campaigns just weeks after the arrest took place.
Now two more new Cobalt campaigns have been uncovered — this time targeting banks in Eastern Europe and Russia.
The new criminal activity, uncovered by Netscout Arbor, began in mid-August. The two banks being targeted by this latest campaign are NS Bank in Russia and Patria Bank in Romania.
In both cases, phishing emails appear to come from a financial vendor or partner related to the bank, a tactic that is used to trick victims into trusting the origin of the message and the sender.
“In at least one of the campaigns the attackers crafted an email that appeared to come from SEPA Europe (Single Euro Payments Area) with information about expanded coverage,” Richard Hummel, threat intelligence manager at Netscout told ZDNet.
“The recipient of the email was encouraged to click on an embedded link to find more information pertaining to the expanded coverage area.”