Cobalt: logical attacks on ATMs
Report outlining activity of the Cobalt hacker group attacking banks in Europe and Asia
Key facts
Banks in at least 14 countries, including Russia, the UK, the Netherlands and Malaysia, have suffered attacks by this criminal group.
The 'touchless jackpotting' technique employed does not involve any physical manipulation of ATMs.
Bank systems are infected using tools that are widely available in public sources.
The shortest time taken to obtain total control over the banking network was 10 minutes.
Discover in detail
How the malware used in this attack spreads through internal banking networks and ensures its survivability.
Functional specifics of the ATM malware used to dispense money on demand.
The attack scheme and roles of group members.
Indicators of Compromise and attack prevention tactics.
Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.

Dmitry Volkov
Chief Technical Officer, Co‑founder Group‑IB
Group-IB research on targeted attack groups

Hi-Tech Crime Trends 2020/2021

UltraRank: the unexpected twist of a JS-sniffer triple threat

RedCurl: The pentest you didn’t know about

Online Piracy Research:
Jolly Roger’s patrons
of online pirates in developing countries.

Fxmsp: “The invisible god of networks”

Hi-Tech Crime Trends 2019/20

Attacks by Silence

Thrip

Xenotime

Hi-Tech Crime Trends 2018

Crime without punishment: in-depth analysis of JS-sniffers

2018 Cryptocurrency Exchanges

Cobalt: their evolution and joint operations

Hexane

Chafer

Silent Cards

Hi-Tech Crime Trends 2017

Muddywater

Lazarus Arisen: Architecture, Techniques and Attribution

Winnti

Lazarus Arisen: Architecture, Techniques and Attribution

LeafMiner

Hi-Tech Crime Trends 2016

APT33

MoneyTaker

Buhtrap

Lurk

Analysis of attacks against trading and bank card system

Anunak: APT against financial institutions

Lazarus Arisen: Architecture, Techniques and Attribution

Regin

BlackEnergy

Dragonfly

APT10

Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to fill in all fields correctly; we will only provide materials upon provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Intelligence
Actionable, finished intelligence to track actors and prevent attacks before they happen
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Protection from bots, fraud and data leakage for e‑commerce and web portals