Analysis & Insights

Finance

From Phish to Network Compromise in Two Hours

4 - 11 June 2019


An investigation report of a May 2018 cyber attack on an East European bank reveals that the prolific Carbanak group (aka FIN7, Cobalt and Anunak) can achieve total network compromise in under two hours. Following the initial compromise through spear phishing, the attackers installed a backdoor within minutes to maintain persistence. Additional payloads, including a Cobalt Strike beacon, were then deployed, and within two hours the attackers had compromised a domain controller, which facilitated lateral movement across the network. Over the next two months, the attackers conducted further reconnaissance of the bank's network with the aim of breaching the ATM system, while taking considerable effort to keep their network signature low. The attack was only discovered when the stolen credentials were used on systems that the administrators would not normally access. Had the attack succeeded, the group would have deployed money mules to empty multiple ATMs without triggering the bank's alert system.
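The detail that finally exposed the intrusion, stolen administrator credentials turning up on hosts those administrators never use, is a detection that can be automated. The following is an added illustration written for this page, not code from the cited report or from the bank: it builds a per-account baseline of which hosts each privileged account has logged on to, flags logons to hosts outside that baseline, and escalates when one account reaches several unseen hosts inside a short window, the pattern lateral movement from a freshly compromised domain controller tends to produce. The event tuples, account and host names, and the "-adm" naming convention for privileged accounts are all constructed assumptions.

```python
"""Flag privileged logons to hosts outside an account's historical baseline.

Added example for this article; not code from the cited report. Event data,
account names, host names and the "-adm" admin-account convention are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of Windows Security 4624 (successful logon) events, reduced to
# (timestamp, account, host, logon_type). Logon type 3 = network, 10 = RDP, 2 = interactive.
BASELINE_EVENTS = [
    ("2018-03-01T08:00:00", "CORP\\jsmith", "WS042", 2),        # ordinary user: ignored
    ("2018-03-01T08:02:00", "CORP\\jsmith-adm", "DC01", 3),
    ("2018-03-01T08:10:00", "CORP\\jsmith-adm", "FS01", 3),
    ("2018-03-02T09:15:00", "CORP\\jsmith-adm", "DC01", 10),
    ("2018-03-03T07:55:00", "CORP\\jsmith-adm", "FS01", 3),
    ("2018-03-03T11:20:00", "CORP\\pkowal-adm", "DC01", 3),
    ("2018-03-04T10:00:00", "CORP\\pkowal-adm", "MAIL01", 3),   # seen on one day only
    ("2018-03-05T09:00:00", "CORP\\pkowal-adm", "DC01", 3),
]

# Constructed events from the period under investigation.
NEW_EVENTS = [
    ("2018-05-14T02:13:00", "CORP\\jsmith-adm", "DC01", 3),     # known pair
    ("2018-05-14T02:20:00", "CORP\\jsmith-adm", "ATMGW01", 3),  # never seen for this account
    ("2018-05-14T02:21:00", "CORP\\jsmith-adm", "ATMGW02", 3),  # never seen, one minute later
    ("2018-05-14T02:25:00", "CORP\\pkowal-adm", "DC01", 3),     # known pair
    ("2018-05-14T02:30:00", "CORP\\pkowal-adm", "MAIL01", 3),   # below baseline threshold
    ("2018-05-14T08:00:00", "CORP\\jsmith", "WS042", 2),        # ordinary user: ignored
]

ADMIN_SUFFIX = "-adm"  # assumed naming convention for privileged accounts


def is_privileged(account):
    return account.lower().endswith(ADMIN_SUFFIX)


def build_baseline(events, min_days=2):
    """Map each privileged account to hosts it logged on to on at least min_days distinct days.

    Requiring more than one day keeps a single historical one-off from whitelisting a host.
    """
    days_seen = defaultdict(set)
    for ts, account, host, _ in events:
        if is_privileged(account):
            days_seen[(account, host)].add(ts[:10])
    baseline = defaultdict(set)
    for (account, host), days in days_seen.items():
        if len(days) >= min_days:
            baseline[account].add(host)
    return baseline


def detect(events, baseline, window=timedelta(minutes=30), burst=2):
    """Return alerts for privileged logons to hosts outside the baseline.

    Emits a 'new_host' alert per out-of-baseline logon and a 'lateral_burst' alert
    once an account has reached `burst` distinct unseen hosts within `window`.
    """
    alerts = []
    recent = defaultdict(list)  # account -> [(datetime, host)] of recent new-host logons
    for ts, account, host, logon_type in sorted(events):
        if not is_privileged(account) or host in baseline.get(account, set()):
            continue
        when = datetime.fromisoformat(ts)
        alerts.append({"kind": "new_host", "account": account, "host": host,
                       "ts": ts, "logon_type": logon_type})
        recent[account] = [(t, h) for t, h in recent[account] if when - t <= window]
        recent[account].append((when, host))
        distinct = sorted({h for _, h in recent[account]})
        if len(distinct) >= burst:
            alerts.append({"kind": "lateral_burst", "account": account,
                           "hosts": distinct, "ts": ts})
    return alerts


def run_example():
    return detect(NEW_EVENTS, build_baseline(BASELINE_EVENTS))


if __name__ == "__main__":
    for alert in run_example():
        print(alert)
```

Two tuning points matter in practice. The `min_days` threshold decides how much rare but legitimate activity (pkowal-adm on MAIL01 above) is treated as new; lowering it trades missed detections for fewer tickets. The burst rule is the part that would have caught the scenario described in the article early: a single unseen host is an analyst triage item, while two or more within minutes from one admin account, at night, is lateral movement until proven otherwise.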


References:

An APT Blueprint: Gaining New Visibility into Financial Threats (PDF)

