According to Bitdefender's investigation, starting in March 2018, a series of advanced cyber attacks targeted financial-banking institutions, in order to steal huge amounts of money in a very short time
During the investigation, Bitdefender specialists identified components of the Cobalt Strike arsenal - a member of the Carbanak crime group, known since 2013 for attacking over 100 banks in over 40 countries, responsible for financial damages of over one billion euros.
" The investigated attacks were carried out through phishing campaigns sent to banks in Eastern Europe and Russia, generally during the first part of the week, between Monday "", says Liviu Arsene, IT security specialist at Bitdefender.
From March 2018, the phishing campaign attempted to let the employees of the banks click on infected links or download files from emails sent by someone from the organization where they were working. After the attackers reached the target computer, they sought to obtain administrator privileges to infiltrate the company's network. Computer criminals operated with surgical precision, so they only infected a small number of devices so they would remain as long as possible. The ideal victims were employees with high privileges and extended access rights in the company's IT infrastructure.
The preferred mode of work in the final phase of these attacks involves remote training of ATMs to issue cash at a predefined time. members of the criminal group immediately collected money and transferred them to their own accounts. Another method was to modify account information databases while they were withdrawing money.