Cobalt: logical attacks on ATMsReport outlining activity of the Cobalt hacker group attacking banks
in Europe and Asia
Request

Key facts

Banks of at least 14 countries including Russia, the UK, the Netherlands and Malaysia have suffered the attacks from this criminal group.

The 'touchless jackpotting' technique employed does not involve any physical manipulations of ATMs.

Bank systems are infected using tools that are widely available in public sources.

The shortest time taken to obtain total control over the banking network – 10 minutes.

Discover in detail about

How this attack’s malware spreads through internal banking networks and provides for its survivability.

Functional specifics of the ATM malware used to dispense money on demand.

The attack scheme and roles of group members.

Indicators of Compromise and attack prevention tactics.

Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.

Dmitry Volkov

Chief Technical Officer, Сo‑founder Group‑IB

Group-IB research on targeted attack groups

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.

 

* Your data is protected by Privacy Policy
Thank you for the inquiry!
We will contact you soon.

Report an incident

24/7 Incident Response Assistance +7 495 984-33-64

* Your data is protected by Privacy Policy
Thank you!
We will contact you soon.