ESET has analysed new malware samples used by the Carbanak financial APT group previously responsible for the theft of millions of dollars, credit cards and intellectual property. The Carbanak group keeps attacking specific targets related to the finance industry, including banks, Forex-trading companies, and even an American casino hotel.
ESET has also illustrated the findings in a blog post:
Highlights of the blogpost:
- Hack of USA casino/hotel
- Spear-phishing emails not published anywhere
- Known recent victims of this group in the following countries:
  - United States of America
  - Germany
  - United Arab Emirates
  - and many others
  … and include banks, casinos/hotels, and large Forex-trading companies
The full blog post can be found here: http://www.welivesecurity.com/2015/09/08/carbanak-gang-is-back-and-packing-new-guns/
Carbanak Gang Returns for More Money
ESET analyzes new malware samples used by the Carbanak financial APT group previously responsible for the theft of millions of dollars, credit cards and intellectual property.
At the end of August, ESET telemetry detected traces of activity of the infamous APT group a.k.a. Carbanak. ESET researchers investigating this gang’s activities offer an in-depth analysis of their findings in the blog post titled “Carbanak Gang is Back and Packing New Guns,” which is now available on WeLiveSecurity.com.
With victims mostly in the United States, Germany, the United Arab Emirates and the United Kingdom, the Carbanak group keeps attacking specific targets related to the finance industry, including banks, Forex-trading companies, and even an American casino hotel.
“For infecting, the gang doesn’t use just one malware family to carry out its operations, but it employs several of them. The code in these different families contains similar traits, including the same digital certificate,” says Anton Cherepanov, Malware Researcher at ESET. “In fact, Win32/Spy.Agent.ORM, a new first-stage component used by the attackers, also known as Win32/Toshliph, as well as Win32/Wemosis, a backdoor capable of scraping memory of Point-of-Sale systems for credit card data, both share some similarities in their code with ‘the standard’ Carbanak malware, detected by ESET as Win32/Spy.Sekur.”
Furthermore, the attackers are updating their arsenal with the latest exploits, such as the Microsoft Office remote code execution vulnerability (CVE-2015-1770) or the zero-day exploit leaked in the Hacking Team dumps (CVE-2015-2426).
The ESET research team continues to monitor the Carbanak threats.