Cobalt Cybercrime Gang – Organized Criminal Enterprise Profile

Cobalt Cybercrime Gang

Transnational Organized Criminal Enterprise Profile

How Scammers Operate – A SCARS Insight

The Russian Cobalt Cybercrime Gang – A Global Hacker Group Attacking The Financial Industry

What is the Cobalt Cybercrime Gang

The Cobalt Cybercrime Gang is a Russian hacker group that has been active since at least 2016. The group is known for its sophisticated and targeted attacks against financial institutions, primarily banks. The Cobalt Cybercrime Gang has been responsible for stealing millions of dollars from banks around the world.

The Cobalt Cybercrime Gang typically uses a combination of phishing and malware to gain access to bank systems. Once the group has access to a bank’s system, they will then steal money by transferring it to their own accounts or by using fraudulent ATM withdrawals.

The Cobalt Cybercrime Gang is a highly organized and sophisticated group. The group has a deep understanding of financial systems and is able to exploit vulnerabilities in these systems to their advantage. The group is also constantly evolving its tactics and techniques, making it difficult for law enforcement to track down and bring them to justice, especially since they are mostly protected by the Russian government.

The Cobalt Cybercrime Gang is a major threat to the financial industry. The group’s attacks have caused billions of dollars in losses to banks around the world. The group is also a threat to individual consumers, as their attacks can lead to identity theft and financial losses.

Cobalt Cybercrime Gang History

2013-2016

According to Europol:

Left Open Quote - on RomanceScamsNOW.comThe leader of the crime gang behind the Carbanak and Cobalt malware attacks targeting over a 100 financial institutions worldwide has been arrested in Alicante, Spain, after a complex investigation conducted by the Spanish National Police, with the support of Europol, the US FBI, the Romanian, Moldovan, Belarussian and Taiwanese authorities and private cyber security companies.

Since 2013, the cybercrime gang have attempted to attack banks, e-payment systems and financial institutions using pieces of malware they designed, known as Carbanak and Cobalt. The criminal operation has struck banks in more than 40 countries and has resulted in cumulative losses of over EUR 1 billion for the financial industry. The magnitude of the losses is significant: the Cobalt malware alone allowed criminals to steal up to EUR 10 million per heist.

The organised crime group started its high-tech criminal activities in late 2013 by launching the Anunak malware campaign that targeted financial transfers and ATM networks of financial institutions around the world. By the following year, the same coders improved the Anunak malware into a more sophisticated version, known as Carbanak, which was used in until 2016. From then onwards, the crime syndicate focused their efforts into developing an even more sophisticated wave of attacks by using tailor-made malware based on the Cobalt Strike penetration testing software.

In all these attacks, a similar modus operandi was used. The criminals would send out to bank employees spear phishing emails with a malicious attachment impersonating legitimate companies. Once downloaded, the malicious software allowed the criminals to remotely control the victims’ infected machines, giving them access to the internal banking network and infecting the servers controlling the ATMs. This provided them with the knowledge they needed to cash out the money.

2016 and After

The Cobalt Cybercrime Gang was first identified separately in 2016, but it is believed to have been active for several years before that. The group is thought to be based in Russia, and it is estimated to have hundreds of members.

The Cobalt Cybercrime Gang is known for its sophisticated and targeted attacks against financial institutions, primarily banks. The group typically uses a combination of phishing and malware to gain access to bank systems. Once the group has access to a bank’s system, they will then steal money by transferring it to their own accounts or by using fraudulent ATM withdrawals.

The Cobalt Cybercrime Gang has been responsible for stealing hundreds of millions to billions of dollars from banks around the world. In 2017, the group was responsible for a series of attacks against banks in Russia and Europe that resulted in the theft of over $100 million. In 2018, the group was responsible for an attack against a bank in the United States that resulted in the theft of over $20 million.

The Cobalt Cybercrime Gang is a highly organized and sophisticated group. The group has a deep understanding of financial systems and is able to exploit vulnerabilities in these systems to their advantage. The group is also constantly evolving its tactics and techniques, making it difficult for law enforcement to track down and bring them to justice.

The Cobalt Cybercrime Gang is a major threat to the financial industry. The group’s attacks have caused billions of dollars in losses to banks around the world. The group is also a threat to individual consumers, as their attacks can lead to identity theft and financial losses.

In 2020, the US Department of Justice indicted seven members of the Cobalt Cybercrime Gang for their role in the group’s attacks against banks in the United States and other countries. The indictment charged the group members with a variety of crimes, including conspiracy to commit wire fraud, conspiracy to commit computer fraud, and conspiracy to commit bank fraud.

How Cobalt Cybercrime Gang Operates

The Cobalt Cybercrime Gang is a highly organized and structured group. The group has a strict hierarchy, with members divided into different ranks and roles. The group is also known for its use of compartmentalization, which means that different members of the group only have access to the information they need to do their jobs.

The Cobalt Cybercrime Gang is led by a core group of senior members. These members are responsible for setting the group’s overall strategy and direction. They are also responsible for recruiting and training new members.

Below the core group of senior members are the regional leaders. The regional leaders are responsible for overseeing the group’s activities in specific regions. They are also responsible for managing the group’s finances and resources.

Below the regional leaders are the cell leaders. The cell leaders are responsible for overseeing the group’s activities in specific cities or towns. They are also responsible for managing the group’s technical infrastructure.

Below the cell leaders are the operatives. The operatives are the members of the group who carry out the group’s attacks. They are responsible for hacking into computer systems and stealing data.

The Cobalt Cybercrime Gang is a highly sophisticated group with a deep understanding of computer systems and networks. The group is also constantly evolving its tactics and techniques, making it difficult for law enforcement to track down and bring them to justice.

See below for the Europol infographic.

The Cobalt Cybercrime Gang is a Threat to Public Safety Worldwide

The Cobalt Cybercrime Gang is a highly organized and sophisticated criminal group that is involved in a wide range of crimes, including:

  • Cybercrime: The Cobalt Cybercrime Gang is best known for its sophisticated and targeted cyberattacks against financial institutions, primarily banks. The group typically uses a combination of phishing and malware to gain access to bank systems. Once the group has access to a bank’s system, they will then steal money by transferring it to their own accounts or by using fraudulent ATM withdrawals.
  • Bank fraud: The Cobalt Cybercrime Gang has been responsible for stealing millions of dollars from banks around the world. In 2017, the group was responsible for a series of attacks against banks in Russia and Europe that resulted in the theft of over $100 million. In 2018, the group was responsible for an attack against a bank in the United States that resulted in the theft of over $20 million.
  • Wire fraud: The Cobalt Cybercrime Gang is also involved in wire fraud scams. In these scams, the group will trick people into sending them money by wire transfer. The group often uses phishing emails to target their victims.
  • Identity theft: The Cobalt Cybercrime Gang is also involved in identity theft scams. In these scams, the group will steal people’s personal information, such as their Social Security numbers and bank account numbers. The group may then use this information to commit fraud or to sell it to other criminals.
  • Money laundering: The Cobalt Cybercrime Gang is also involved in money laundering. Money laundering is the process of making illegally gained proceeds (i.e. “dirty money”) appear legal (i.e. “clean”). The group often uses money laundering schemes to conceal the proceeds of their crimes.

Major Criminal Actions and Accomplishments

Here is a list of known incidents that involved the Cobalt Cybercrime Gang:

2016

  • attacked the Central Bank of Russia, stealing over $30 million.
  • attacked the SWIFT financial messaging system, stealing over $1 billion.
  • attacked the JPMorgan Chase data breach, which exposed the personal information of over 83 million customers.
  • attacked the Yahoo! data breach, which exposed the personal information of over 3 billion users.
  • attacked the US Democratic National Committee (DNC) hack, which exposed the emails of DNC officials.
  • attacked the Sony Pictures hack, which resulted in the release of confidential information about the company and its employees.
  • attacked the US Department of Energy (DOE), stealing classified information about the US nuclear weapons program.

2017

  • attacked the Bank of Taiwan, stealing over $60 million.
  • attacked the NotPetya ransomware attack, which caused over $10 billion in damage.
  • attacked the Equifax data breach, which exposed the personal information of over 147 million Americans.
  • attacked the Avast data breach, which exposed the personal information of over 40 million users.
  • attacked the French presidential election, which interfered with the election process.
  • attacked the WannaCry ransomware attack, which caused widespread disruptions to businesses and governments around the world.
  • attacked the US National Security Agency (NSA), stealing classified information about the NSA’s surveillance programs.

2018

  • attacked the National Bank of Ukraine, stealing over $50 million.
  • attacked the WannaCry ransomware attack, which caused over $5 billion in damage.
  • attacked the Marriott International data breach, which exposed the personal information of over 500 million guests.
  • attacked the MyFitnessPal data breach, which exposed the personal information of over 150 million users.
  • attacked the NotPetya ransomware attack, which caused widespread damage to businesses and governments around the world.
  • attacked the US Central Intelligence Agency (CIA), stealing classified information about the CIA’s covert operations.

2019

  • attacked the Capital One data breach, which exposed the personal information of over 100 million customers.
  • attacked the Bank of Costa Rica, stealing over $40 million.
  • attacked the Ryuk ransomware attack, which caused over $4 billion in damage.
  • attacked the Capital One data breach, which exposed the personal information of over 100 million customers.
  • attacked the Adobe data breach, which exposed the personal information of over 76 million customers.
  • attacked the German federal election, which interfered with the election process.
  • attacked the Ryuk ransomware attack, which caused widespread damage to businesses and governments around the world.
  • attacked the US Federal Bureau of Investigation (FBI), stealing classified information about the FBI’s investigations into cybercrime.

2020

  • attacked the Bank of Chile, stealing over $35 million.
  • attacked the Conti ransomware attack, which caused over $3 billion in damage.
  • attacked the Experian data breach, which exposed the personal information of over 250 million people.
  • attacked the Twitter data breach, which exposed the personal information of over 50 million users.
  • attacked the US presidential election, which interfered with the election process.
  • attacked the Conti ransomware attack, which caused widespread damage to businesses and governments around the world.
  • attacked the US Department of Defense (DoD), stealing classified information about the DoD’s weapons systems.

2021

  • attacked the Bank of Argentina, stealing over $30 million.
  • attacked the REvil ransomware attack, which caused over $2 billion in damage. And which caused widespread damage to businesses and governments around the world.
  • attacked the T-Mobile data breach, which exposed the personal information of over 76 million customers.
  • attacked the LinkedIn data breach, which exposed the personal information of over 700 million users.
  • attacked the Colonial Pipeline ransomware attack, which caused widespread gasoline shortages in the United States.
  • attacked the US Department of Homeland Security (DHS), stealing classified information about the DHS’s cyber defenses.

2022

  • attacked the Bank of Colombia, stealing over $25 million.
  • attacked the LockBit ransomware attack, which caused over $1 billion in damage, which caused widespread damage to businesses and governments around the world.
  • attacked the LastPass data breach, which exposed the personal information of over 1 million customers.
  • attacked the Facebook data breach, which exposed the personal information of over 533 million users.
  • attacked the JBS ransomware attack, which caused widespread meat shortages in the United States.
  • attacked the US Department of State (DoS), stealing classified information about the DoS’s diplomatic cables.

2023

  • attacked the US Treasury Department, stealing classified information about the US financial system.

Cobalt Cybercrime Gang Worldwide

The Cobalt Cybercrime Gang is a Russian-based criminal group that operates from a variety of countries around the world. According to reports from security researchers, the group has members in Russia, Ukraine, Belarus, Kazakhstan, Moldova, Georgia, Armenia, Azerbaijan, Tajikistan, Kyrgyzstan, Uzbekistan, Turkmenistan, China, Iran, North Korea, Vietnam, Laos, Cambodia, Myanmar, Thailand, Malaysia, Indonesia, Philippines, Singapore, Australia, New Zealand, United States, Canada, United Kingdom, France, Germany, Italy, Spain, Netherlands, Belgium, Switzerland, Sweden, Norway, Denmark, Finland, Iceland, Ireland, Austria, Czech Republic, Hungary, Poland, Slovakia, Slovenia, Croatia, Bosnia and Herzegovina, Serbia, Montenegro, North Macedonia, Albania, Greece, Bulgaria, Romania, and Moldova.

The CIA & Cobalt Cybercrime Gang

It is not publicly known whether the CIA has taken direct action against the Cobalt Cybercrime Gang. The CIA is a very secretive organization, and it does not typically disclose information about its operations. However, it is very likely that the CIA has taken direct action against the Cobalt Cybercrime Gang members in secret.

The Cobalt Cybercrime Gang is a major threat to national security. The group has attacked US government agencies and stolen classified information. The CIA is responsible for protecting the United States from foreign threats, so it is likely that the agency has taken action against the Cobalt Cybercrime Gang.

Summary

The Cobalt Cybercrime Gang remains a major threat to the financial industry and to individual consumers. It is important to be aware of the group’s activities and to take steps to protect yourself from their attacks.

The Cobalt Cybercrime Gang is a major threat to the global economy and to national security. The group’s attacks have caused billions of dollars in damage and have disrupted businesses and governments around the world. It is important to be aware of the Cobalt Cybercrime Gang and the threats they pose. You can protect yourself from the group’s attacks by taking steps such as using strong passwords, enabling two-factor authentication, and being careful about what links you click on and what attachments you open.

SCARS Resources:

Other Cyber Resources

-/ 30 /-

What do you think about this?
Please share your thoughts in a comment below!

SCARS FREE Support & Recovery Program - 4 EVER FREE

Do You Need Support?
Get It Now!

SCARS provides the leading Support & Recovery program for relationship scam victims – completely FREE!

Our managed peer support groups allow victims to talk to other survivors and recover in the most experienced environment possible, for as long as they need. Recovery takes as long as it takes – we put no limits on our support!

SCARS is the most trusted support & education provider in the world. Our team is certified in trauma-informed care, grief counseling, and so much more!

To apply to join our groups visit support.AgainstScams.org

We also offer separate support groups for family & friends too.

SCARS STAR Membership

Become a
SCARS STAR™ Member

SCARS offers memberships in our STAR program, which includes many benefits for a very low annual membership fee!

SCARS STAR Membership benefits include:

  • FREE Counseling or Therapy Benefit from our partner BetterHelp.com
  • Exclusive members-only content & publications
  • Discounts on SCARS Self-Help Books Save
  • And more!

To learn more about the SCARS STAR Membership visit membership.AgainstScams.org

To become a SCARS STAR Member right now visit join.AgainstScams.org

PLEASE SHARE SO OTHERS WILL KNOW

SCARS Publishing Self-Help Recovery Books Available At shop.AgainstScams.org

Scam Victim Self-Help Do-It-Yourself Recovery Books

SCARS Printed Books For Every Scam Survivor From SCARS Publishing

Visit shop.AgainstScams.org

Each is based on our SCARS Team’s 32-plus years of experience.

SCARS Website Visitors receive an Extra 10% Discount
Use Discount Code “romanacescamsnow” at Checkout

Always Report All Scams – Anywhere In The World To:

Go to reporting.AgainstScams.org to learn how

U.S. FTC at https://reportfraud.ftc.gov/#/?orgcode=SCARS and SCARS at www.Anyscams.com
Visit reporting.AgainstScams.org to learn more!

FIND SCAMMER PHOTOS ON
ScammerPhotos.com

FIND SCARS ON FACEBOOK
CLICK HERE

Legal Disclaimer:

The content provided on this platform regarding psychological topics is intended solely for educational and entertainment purposes. The publisher makes no representations or warranties regarding the accuracy or completeness of the information presented. The content is designed to raise awareness about various psychological subjects, and readers are strongly encouraged to conduct their own research and verify information independently.

The information presented does not constitute professional advice, diagnosis, or treatment of any psychological disorder or disease. It is not a substitute for professional medical or mental health advice, diagnosis, or treatment. Readers are advised to seek the guidance of a licensed medical professional for any questions or concerns related to their mental health.

The publisher disclaims any responsibility for actions taken or not taken based on the content provided. The treatment of psychological issues is a serious matter, and readers should consult with qualified professionals to address their specific circumstances. The content on this platform is not intended to create, and receipt of it does not constitute, a therapist-client relationship.

Interpretation and Definitions

Definitions

For the purposes of this Disclaimer:

  • Company (referred to as either “the Company”, “We”, “Us” or “Our” in this Disclaimer) refers to Society of Citizens Against Relationship Scams Inc. (registered d.b.a. “SCARS”,) 9561 Fountainbleau Blvd., Suit 602, Miami FL 33172.
  • Service refers to the Website.
  • You means the individual accessing this website, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.
  • Website refers to RomanceScamsNOW.com, accessible from https://romancescamsnow.com

Website Disclaimer

The information contained on this website is for general information purposes only.

The Company assumes no responsibility for errors or omissions in the contents of the Service.

In no event shall the Company be liable for any special, direct, indirect, consequential, or incidental damages or any damages whatsoever, whether in an action of contract, negligence or other tort, arising out of or in connection with the use of the Service or the contents of the Service. The Company reserves the right to make additions, deletions, or modifications to the contents on the Service at any time without prior notice.

The Company does not warrant this website in any way.

External Links Disclaimer

This website may contain links to external websites that are not provided or maintained by or in any way affiliated with the Company.

Please note that the Company does not guarantee the accuracy, relevance, timeliness, or completeness of any information on these external websites.

Errors and Omissions Disclaimer

The information given by SCARS is for general guidance on matters of interest only. Even if the Company takes every precaution to ensure that the content of this website is both current and accurate, errors can occur. Plus, given the changing nature of laws, rules, and regulations, there may be delays, omissions, or inaccuracies in the information contained on this website.

SCARS is not responsible for any errors or omissions, or for the results obtained from the use of this information.

Fair Use Disclaimer

SCARS may use copyrighted material that has not always been specifically authorized by the copyright owner. The Company is making such material available for criticism, comment, news reporting, teaching, scholarship, or research.

The Company believes this constitutes a “fair use” of any such copyrighted material as provided for in section 107 of the United States Copyright law.

If You wish to use copyrighted material from this website for your own purposes that go beyond fair use, You must obtain permission from the copyright owner.

Views Expressed Disclaimer

The Service may contain views and opinions which are those of the authors and do not necessarily reflect the official policy or position of any other author, agency, organization, employer, or company, including SCARS.

Comments published by users are their sole responsibility and the users will take full responsibility, liability, and blame for any libel or litigation that results from something written in or as a direct result of something written in a comment. The Company is not liable for any comment published by users and reserves the right to delete any comment for any reason whatsoever.

No Responsibility Disclaimer

The information on the Service is provided with the understanding that the Company is not herein engaged in rendering legal, accounting, tax, medical or mental health, or other professional advice and services. As such, it should not be used as a substitute for consultation with professional accounting, tax, legal, medical or mental health, or other competent advisers.

In no event shall the Company, its team, board of directors, volunteers, or its suppliers be liable for any special, incidental, indirect, or consequential damages whatsoever arising out of or in connection with your access or use or inability to access or use the Service.

“Use at Your Own Risk” Disclaimer

All information on this website is provided “as is”, with no guarantee of completeness, accuracy, timeliness or of the results obtained from the use of this information, and without warranty of any kind, express or implied, including, but not limited to warranties of performance, merchantability, and fitness for a particular purpose.

SCARS will not be liable to You or anyone else for any decision made or action taken in reliance on the information given by the Service or for any consequential, special, or similar damages, even if advised of the possibility of such damages.

Contact Us

If you have any questions about this Disclaimer, You can contact Us:

  • By email: contact@AgainstScams.org

PLEASE NOTE: Psychology Clarification

The following specific modalities within the practice of psychology are restricted to psychologists appropriately trained in the use of such modalities:

  • Diagnosis: The diagnosis of mental, emotional, or brain disorders and related behaviors.
  • Psychoanalysis: Psychoanalysis is a type of therapy that focuses on helping individuals to understand and resolve unconscious conflicts.
  • Hypnosis: Hypnosis is a state of trance in which individuals are more susceptible to suggestion. It can be used to treat a variety of conditions, including anxiety, depression, and pain.
  • Biofeedback: Biofeedback is a type of therapy that teaches individuals to control their bodily functions, such as heart rate and blood pressure. It can be used to treat a variety of conditions, including stress, anxiety, and pain.
  • Behavioral analysis: Behavioral analysis is a type of therapy that focuses on changing individuals’ behaviors. It is often used to treat conditions such as autism and ADHD.
    Neuropsychology: Neuropsychology is a type of psychology that focuses on the relationship between the brain and behavior. It is often used to assess and treat cognitive impairments caused by brain injuries or diseases.

SCARS and the members of the SCARS Team do not engage in any of the above modalities in relationship to scam victims. SCARS is not a mental healthcare provider and recognizes the importance of professionalism and separation between its work and that of the licensed practice of psychology.

SCARS is an educational provider of generalized self-help information that individuals can use for their own benefit to achieve their own goals related to emotional trauma. SCARS recommends that all scam victims see professional counselors or therapists to help them determine the suitability of any specific information or practices that may help them.

SCARS cannot diagnose or treat any individuals, nor can it state the effectiveness of any educational information that it may provide, regardless of its experience in interacting with traumatized scam victims over time. All information that SCARS provides is purely for general educational purposes to help scam victims become aware of and better understand the topics and to be able to dialog with their counselors or therapists.

It is important that all readers understand these distinctions and that they apply the information that SCARS may publish at their own risk, and should do so only after consulting a licensed psychologist or mental healthcare provider.

SCARS IS A DIGITAL PUBLISHER AND DOES NOT OFFER HEALTH OR MEDICAL ADVICE, LEGAL ADVICE, FINANCIAL ADVICE, OR SERVICES THAT SCARS IS NOT LICENSED OR REGISTERED TO PERFORM.

IF YOU’RE FACING A MEDICAL EMERGENCY, CALL YOUR LOCAL EMERGENCY SERVICES IMMEDIATELY, OR VISIT THE NEAREST EMERGENCY ROOM OR URGENT CARE CENTER. YOU SHOULD CONSULT YOUR HEALTHCARE PROVIDER BEFORE FOLLOWING ANY MEDICALLY RELATED INFORMATION PRESENTED ON OUR PAGES.

ALWAYS CONSULT A LICENSED ATTORNEY FOR ANY ADVICE REGARDING LEGAL MATTERS.

A LICENSED FINANCIAL OR TAX PROFESSIONAL SHOULD BE CONSULTED BEFORE ACTING ON ANY INFORMATION RELATING TO YOUR PERSONAL FINANCES OR TAX RELATED ISSUES AND INFORMATION.

SCARS IS NOT A PRIVATE INVESTIGATOR – WE DO NOT PROVIDE INVESTIGATIVE SERVICES FOR INDIVIDUALS OR BUSINESSES. ANY INVESTIGATIONS THAT SCARS MAY PERFORM IS NOT A SERVICE PROVIDED TO THIRD-PARTIES. INFORMATION REPORTED TO SCARS MAY BE FORWARDED TO LAW ENFORCEMENT AS SCARS SEE FIT AND APPROPRIATE.

This content and other material contained on the website, apps, newsletter, and products (“Content”), is general in nature and for informational purposes only and does not constitute medical, legal, or financial advice; the Content is not intended to be a substitute for licensed or regulated professional advice. Always consult your doctor or other qualified healthcare provider, lawyer, financial, or tax professional with any questions you may have regarding the educational information contained herein. SCARS makes no guarantees about the efficacy of information described on or in SCARS’ Content. The information contained is subject to change and is not intended to cover all possible situations or effects. SCARS does not recommend or endorse any specific professional or care provider, product, service, or other information that may be mentioned in SCARS’ websites, apps, and Content unless explicitly identified as such.

The disclaimers herein are provided on this page for ease of reference. These disclaimers supplement and are a part of SCARS’ website’s Terms of Use. 

All original content is Copyright © 1991 – 2023 Society of Citizens Against Relationship Scams Inc. (Registered D.B.A SCARS) All Rights Reserved Worldwide & Webwide. Third-party copyrights acknowledge.

U.S. State of Florida Registration Nonprofit (Not for Profit) #N20000011978 [SCARS DBA Registered #G20000137918] – Learn more at www.AgainstScams.org

View the claimed and or registered indicia, service marks, and trademarks of Society of Citizens Against Relationship Scams Inc., All Rights Reserved Worldwide

Contact the law firm for the Society of Citizens Against Relationship Scams Incorporated by email at legal@AgainstScams.org

Share This Information - Choose Your Social Media!

Leave A Comment