Cobalt Threat Group Serves Up SpicyOmelette Fresh Bank Attacks (Sep 27, 2018)

The Advanced Persistent Threat (APT) group Cobalt Gang (also called Cobalt Group or Gold Kingswood) targeted high-value financial institutions around the world in a recent campaign. The APT group used phishing emails to lure targets into clicking what appears to be a malicious PDF file that redirects victims to an Amazon Web Services (AWS) URL. There, the “SpicyOmelette” malware is installed onto the device, where it harvests information to gain elevated privileges so the APT group can steal financial data and obtain transaction data that can be used for malicious purposes in the future. Cobalt Group has been connected to several campaigns against banks and other financial institutions and is believed to have caused over €1 billion ($1,161,650,000 USD) in damages.

Recommendation: It is important that your company institute policies to educate your employees on phishing attacks, specifically how to identify such attacks and whom to contact if a phishing email is identified. Furthermore, maintain policies regarding what kinds of requests and information your employees can expect to receive from colleagues and management, to assist in identifying potentially malicious communications.

Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.