Cobalt: logical attacks on ATMs
Report outlining activity of the Cobalt hacker group attacking banks
in Europe and Asia
Request 
Key facts
Banks of at least 14 countries including Russia, the UK, the Netherlands and Malaysia have suffered the attacks from this criminal group.
The 'touchless jackpotting' technique employed does not involve any physical manipulations of ATMs.
Bank systems are infected using tools that are widely available in public sources.
The shortest time taken to obtain total control over the banking network – 10 minutes.
Discover in detail about
How this attack’s malware spreads through internal banking networks and provides for its survivability.
Functional specifics of the ATM malware used to dispense money on demand.
The attack scheme and roles of group members.
Indicators of Compromise and attack prevention tactics.
Logical attacks on ATMs are expected to become one of the key threats targeting banks: they enable cybercriminals to commit fraud remotely from anywhere globally and attack the whole ATM network without being 'on the radar' of security services. That said, this type of attack does not require development of expensive advanced software – a significant amount of the tools used are widely available on the deep web. Every bank is under threat of logical attacks on ATMs and should be protected accordingly.
Dmitry Volkov
Chief Technical Officer, Сo‑founder Group‑IB
Group-IB research on targeted attack groups
August 2019
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Learn more 
March 2019
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data
Request Learn more 
October 2018
Hi-Tech Crime Trends 2018
Introducing the research on cyber-security trends and predictions for the next year. Plan your cyber security strategy effectively.
Request Learn more 
September 2018
Silence: Moving into the darkside
A mobile, small, and young cybergang group has been progressing rapidly. While successful attacks were detected in Russian banks, Group-IB experts have discovered the group’s activity in 25+ countries worldwide.
Learn more 
August 2018
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Request Learn more 
May 2018
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Request Learn more 
December 2017
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Request Learn more 
October 2017
Hi-Tech Crime Trends 2017
Introducing the research on cyber-security trends and predictions for the next year. Plan your cyber security strategy effectively.
Request Learn more 
May 2017
Lazarus Arisen: Architecture, Techniques and Attribution
In-depth research, containing recommendations on how to track their involvement in recent attacks.
Request Learn more 
October 2016
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
Request Learn more 
March 2016
Buhtrap: the evolution of targeted attacks against financial institutions
This research gives the details about the methods of the hacker group, which carried out 13 successful attacks against banking institutions.
Request Learn more 
February 2015
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Request Learn more 
December 2014
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
Learn more August 2019
Attacks by Silence
A comprehensive technical analysis of Silence’s tools, tactics, and evolution. This is the first time Group‑IB’s reports of this kind have been made publicly available.
Learn more March 2019
Crime without punishment: in-depth analysis of JS-sniffers
In-depth analysis and new types of a growing threat — JS‑sniffers — designed to steal payment data
Request Learn more October 2018
Hi-Tech Crime Trends 2018
Introducing the research on cyber-security trends and predictions for the next year. Plan your cyber security strategy effectively.
Request Learn more September 2018
Silence: Moving into the darkside
A mobile, small, and young cybergang group has been progressing rapidly. While successful attacks were detected in Russian banks, Group-IB experts have discovered the group’s activity in 25+ countries worldwide.
Learn more August 2018
2018 Cryptocurrency Exchanges
Estimation of the number of login and passwords leaks of cryptoсurrency exchanges users and analysis their nature. Recommendations for ensuring security of users and exchanges.
Request Learn more May 2018
Cobalt: their evolution and joint operations
Learn about Cobalt’s development and modification of tools and tactics which were used to steal approximately 1 billion dollars from over 100 banks in 40 different countries.
Request Learn more December 2017
MoneyTaker
This hacker group is noticeable for 1.5 years of silent operations and multiple attacks. They still pose a threat: learn about MoneyTaker techniques and indicators of compromise now.
Request Learn more October 2017
Hi-Tech Crime Trends 2017
Introducing the research on cyber-security trends and predictions for the next year. Plan your cyber security strategy effectively.
Request Learn more May 2017
Lazarus Arisen: Architecture, Techniques and Attribution
In-depth research, containing recommendations on how to track their involvement in recent attacks.
Request Learn more October 2016
Hi-Tech Crime Trends 2016
Learn about the evolution of cyber crime in 2016 and find out what predictions for 2017 came true. Spoiler: most of them did.
Request Learn more March 2016
Buhtrap: the evolution of targeted attacks against financial institutions
This research gives the details about the methods of the hacker group, which carried out 13 successful attacks against banking institutions.
Request Learn more February 2015
Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel).
Request Learn more December 2014
Anunak: APT against financial institutions
This research includes the findings of Group-IB and Fox‑IT on Anunak (Carbanak) group, which focused its activity on banks and electronic payment systems.
Learn more Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Threat
Intelligence
Intelligence
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Threat Detection System
Intelligence-driven network protection even from the most advanced attacks
Secure Bank
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Secure Portal
Protection from bots, fraud and data leakage for e‑commerce and web portals