The hackers, led by a Ukrainian man, targeted over 100 financial organizations in more than 40 countries around the world, stealing up to €10 million ($12.4 million) in a single heist. The gang used Carbanak malware to steal a significant amount of money from banks worldwide. The leader was arrested in Alicante, Spain, following an investigation conducted by the Spanish National Police and supported by Europol, private cybersecurity firms, and law enforcement agencies in the United States, Romania, Belarus and Taiwan. The gang is believed to have carried out cyberattacks that resulted in losses totaling over €1 billion ($1.24 billion).
The Ukrainian, named as Denis K, worked online with three other Russian and Ukrainian nationals. They never met in person but somehow managed to target ATMs in Spain’s capital city of Madrid in the first quarter of 2017, stealing half a million euros.
During the raid, police seized computers, jewelry worth €500,000 ($620,000), documents, two luxury vehicles, some bank accounts and two houses valued at roughly €1 million ($1.24 million).
This hacker group, known as Carbanak, Anunak, and Cobalt, has been well known since 2013. In the beginning, they used a piece of malware dubbed Anunak and later improved it into a new version named Carbanak. Their evolution didn’t stop at Carbanak: in 2016 they used a custom penetration testing tool called Cobalt Strike to launch more sophisticated cyberattacks on targeted institutions.
The institutions they chose to target were often unprotected by a robust cybersecurity solution like an antivirus. Many hacker groups like Carbanak exist in the world, so don’t let your guard down: installing an antivirus for Windows or an antivirus for Mac, depending on which OS your device is running, is a must nowadays. Besides this, every financial institution must hire a cybersecurity firm that will deliberately launch various attacks on the institution’s network to reveal its flaws. These deliberate attacks are carried out through specialized cybersecurity tests such as penetration tests and ethical hacking tests.
The hackers managed to infect bank networks by delivering their malware to bank employees using spear-phishing emails. Once the infection occurred, it gave hackers unrestricted access to the compromised bank’s internal network, including servers controlling the ATMs.
The cybercriminals used this unrestricted access to the servers to remotely instruct ATMs to dispense cash at a particular time when the group’s mules would be nearby to collect the money. They also made huge fund transfers from the targeted bank to their accounts.
By employing these two tactics, the hackers acquired 15,000 bitcoins, currently worth more than $118 million.
The Achilles heel of this cybercriminal group was its money-laundering activity and unpaid taxes.
This reinforces the need for law enforcement organizations to continue focusing on traditional ‘follow the money’ angles as much as cyber forensic capabilities.
It remains to be seen whether this arrest will result in severe degradation of Carbanak’s capabilities or merely a short-term hindrance while the group refocuses its activity.
Until then, remember that having an antivirus for Windows or an antivirus for Mac on every system, depending on which OS it is running, is a must. Also remember that tests like penetration tests and ethical hacking tests are now available for any company that wants to tighten its security, and if your business exists 100% online, we recommend the use of cyber-secured web hosting services.