Report an incident

Get 24/7 incident response assistance from our global team

Talk to sales

Just fill out the form, and our representative will contact you soon.

Join the Cybercrime Fighters Club

Please review the following rules before submitting your application:

1. Our main objective is to foster a community of like-minded individuals dedicated to combatting cybercrime and who have never engaged in Blackhat activities.

2. All applications must include research or a research draft. You can find content criteria in the blog. Please provide a link to your research or research draft using the form below.

Cobalt: Logical Attacks on ATMs
← Research Hub

Cobalt: Logical Attacks on ATMs

Report outlining activity of the Cobalt hacker group attacking banks in Europe and Asia
View report

Key facts

Banks of at least 14 countries including Russia, the UK, the Netherlands and Malaysia have suffered the attacks from this criminal group.

The 'touchless jackpotting' technique employed does not involve any physical manipulations of ATMs.

Bank systems are infected using tools that are widely available in public sources.

The shortest time taken to obtain total control over the banking network – 10 minutes.

Discover in detail about

How this attack’s malware spreads through internal banking networks and provides for its survivability.

Functional specifics of the ATM malware used to dispense money on demand.

The attack scheme and roles of group members.

Indicators of Compromise and attack prevention tactics.

Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.
Dmitry Volkov
Dmitry Volkov
Chief Executive Officer

Advanced protection against cyber threats

Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat Intelligence
Threat Intelligence
Fraud Protection
Fraud Protection
Managed XDR
Managed XDR
Digital Risk Protection
Digital Risk Protection

Relevant reports

We see the full picture of the evolving cyber threat landscape thanks to unique tools for monitoring the infrastructure used by cybercriminals and data from battlefields:

OldGremlin Ransomware: Never Ever Feed Them after The Locknight
Threat Research
OldGremlin Ransomware: Never Ever Feed Them after The Locknight
The case of OldGremlin illustrates how the ransomware industry has evolved in recent years....
Learn moreDownload report
OPERA1ER: Playing God Without Permission
Threat Research
OPERA1ER: Playing God Without Permission
The group relied solely on known “off-the-shelf” tools to steal millions from financial service...
Learn moreDownload report
MoneyTaker: Revealed After 1.5 Years of Silent Operations
Threat Research
MoneyTaker: Revealed After 1.5 Years of Silent Operations
Explore how this group managed to hide their traces while conducting 20+ attacks on...
Learn moreView report
Ransomware Uncovered 2020/2021
Threat Research
Ransomware Uncovered 2020/2021
The complete guide to the latest tactics, techniques, and procedures of ransomware operators based...
Learn moreDownload report
Ransomware Uncovered 2021/2022
Threat Research
Ransomware Uncovered 2021/2022
The well-known complete guide to the latest tactics, techniques, and procedures of ransomware operators...
Learn moreDownload report