Cobalt: logical attacks on ATMs

Report outlining activity of the Cobalt hacker group attacking banks
in Europe and Asia

Contact us +7 (495) 984 33 64 or

Get the report
Thank you

for taking interest in Group-IB reports

Contact us +7 (495) 984 33 64 or

Cobalt: Key Facts

Banks of at least 14 countries including Russia, the UK, the Netherlands and Malaysia have suffered the attacks from this criminal group.

The 'touchless jackpotting' technique employed does not involve any physical manipulations of ATMs.

Bank systems are infected using tools that are widely available in public sources.

The shortest time taken to obtain total control over the banking network – 10 minutes.

Discover in detail about

How this attack’s malware spreads through internal banking networks and provides for its survivability.

Functional specifics of the ATM malware used to dispense money on demand.

The attack scheme and roles of group members.

Indicators of Compromise and attack prevention tactics.

Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.

Dmitry Volkov

Head of the Investigation Department
and the Threat Intelligence service

Protect your clients, business and reputation

Threat Intelligence subscribers are always on the forefront and were made aware of the recent Buhtrap spear-phishing emails the same day they were sent. Additionally, reports included both mailings details and payload analysis. The data we provided proved vital in preventing attacks against clients exposed to Buhtrap risks.

We help to prevent and investigate cyber attacks at every stage, from reconnaissance or preparation to threat actors taking actions to achieve objectives. Furthermore, we prevent the spread of the attack and ensure that your infrastructure is clean of the presence of infection.
Contact us to learn more: +7 495 984-33-64 or

Group-IB is one of the global leaders in preventing and investigating high-tech crimes and online fraud. Since 2003, the company has been active in the field of computer forensics and information security, protecting the largest international companies against financial losses and reputation risks.

We are recognized by Gartner, Forrester and IDC a as leading threat intelligence vendor with the ability to provide a unique insight to the threats originating from Russia and Eastern Europe. Group-IB is recommended by the Organization for Security and Co-operation in Europe (OSCE).

Group-IB’s experience and threat intelligence has been fused into an eco-system of highly sophisticated software and hardware solutions to monitor, identify and prevent cyber threats.

Learn more

Cobalt: logical attacks on ATMs

Thank you for your interest in our research.

Please fill in the form below and we will send you the report. Please make sure to correctly fill
in all fields, we will only provide materials on provision of a valid corporate email address.
* Your data is protected by Privacy Policy
Thank you! You will receive the Cobalt report in the next
24 hours. If you have any questions, please contact us

If you have not provided us with a corporate email,
re-register or we will be in touch to request this shortly.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

* Your data is protected by Privacy Policy
Thank you!
We will contact you soon.
Report an incident