G0080

Cobalt

Also known as: Cobalt Group · Cobalt Gang · GOLD KINGSWOOD · COBALT SPIDER · G0080 · Mule Libra · Cobalt

Profile

A criminal group dubbed Cobalt is behind synchronized ATM heists in which machines across Europe, CIS countries (including Russia), and Malaysia were raided simultaneously within the span of a few hours. The group has been active since June 2016, and their latest attacks happened in July and August.

MITRE ATT&CK Group crosswalk

G0080

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

Group: Cobalt Group
Actor: ExCobalt
Actor: BlueBottle
Actor: RTM
Group: Carbanak
Actor: Operation Cobalt Whisper

Sourced from MISP-Galaxy Threat Actor cluster. Curated by Adam Lundqvist, Founder at SQUR.