Cobalt Group

Also known as: GOLD KINGSWOOD · Cobalt Gang · Cobalt Spider

Overview

Cobalt Group is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money by targeting ATM systems, card processing, payment systems, and SWIFT systems. Cobalt Group has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use that access to compromise additional victims. Reporting indicates there may be links between Cobalt Group and both the Carbanak malware and the Carbanak group.

Capabilities

  • Supply-chain compromise — ATT&CK T1195.002
  • Exploitation of public-facing / client applications — ATT&CK T1203
  • Custom malware/implant development — ATT&CK: 3 attributed custom malware families

TTPs — 34 techniques across 9 tactics

Resource Development

Execution

Stealth

Lateral Movement

Command and Control

Tools & malware (6)

Mimikatz · More_eggs · SpicyOmelette · SDelete · Cobalt Strike · PsExec

Reporting (3)