Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Cobalt: Their Evolution And Joint Operations
← Research Hub

Cobalt: Their Evolution And Joint Operations

Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
View report

Key facts

Thefts using SWIFT transactions in Hong Kong and Ukraine were committed in cooperation with Anunak (Carbanak)

Cybercriminals were spending approximately three weeks of study inside the network before conducting attacks

Cobalt tested new instruments, often changed locations and spied on victim’s internal systems to prepare for attacks

Starting from the attacks on ATMs in 2016, Cobalt learned to target SWIFT, card processing and payment gateways as well
Cobalt is still active: its members continue attacks on financial organizations and other companies worldwide. We have technical proof of collaboration between Cobalt and Anunak. In order to enable business and market regulators to take preventative measures against these criminals, we provide our customers indicators to protect them from phishing, identify the infrastructure and methods still used by these criminals.
Dmitry Volkov
Dmitry Volkov
Chief Executive Officer

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence
Threat Intelligence
Fraud Protection
Fraud Protection
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn moreDownload report
Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn moreDownload report
UltraRank: The Unexpected Twist of a JS-Sniffer Triple Threat
Threat Research
UltraRank: The Unexpected Twist of a JS-Sniffer Triple Threat
New stage in JS-sniffers research. From analyzing malware families to identifying threat actors
Learn moreDownload report
Conti Armada: The ARMattack Campaign
Threat Research
Conti Armada: The ARMattack Campaign
Take a deep dive into “ARMattack”, one of the shortest yet most successful campaigns...
Learn moreDownload report
Crime Without Punishment: In-depth Analysis of JS-Sniffers
Threat Research
Crime Without Punishment: In-depth Analysis of JS-Sniffers
JS-sniffers pose a growing threat by attacking online stores and stealing payment data and...
Learn moreView report