Leader of Carbanak (Cobalt) Hacker Group Who Stole Over €1BIL Arrested in Spain

[LASER_oneXM]

Europol announced today that Spanish police has arrested a man suspect of being the mastermind behind the Carbanak hacking group, known for some of the biggest bank cyber-heists in recent years.

Europol said the Carbanak gang —also known as Cobalt— had carried out over 100 hacks across 40 different countries, stealing over €1 billion ($1.24 billion), with a hack average of €10 million ($12.4 million) per heist.

Carbanak group attacks banks and ATM systems only
The Carbanak gang is infamous because it only attacked banks, e-payment systems, and financial institutions. The gang's activities can be split in three main phases, depending on the malware they used for attacks:

2013 - 2014 — the group developed and used Anunak malware and targeted mainly financial institutions and ATM networks.

2014 - 2016 — the group developed and used Carbanak malware, a newer and more sophisticated version of Anunak.

2016 - 2017 — the group developed custom malware using Cobalt Strike, a legitimate penetration testing framework.

Hackers had three ways of stealing money
Once they gained access to these systems, hackers choose one of three methods of stealing money.

The first was to coordinate with money mule groups and make ATMs spit out cash at a predetermined hour and day. Money mules would pick up the funds, some of which would end up back with the Carbanak group after intermediaries took their cuts.

Second, the Carbanak group would transfer money from legitimate accounts to the ones they or their money mules owned, who would then empty accounts at ATMs, or use the accounts to buy expensive products and launder the money.

Third, crooks would use their access to the bank's internal network to artificially inflate the money balance of accounts created by money mules in advance, without transferring funds from other accounts. Same as before, money mules would empty accounts as soon as possible.