Analysis of attacks against trading and bank card system
Group-IB annual report on speculative fluctuations of exchange rate and other incidents in 2015 caused by the Trojan program Corkow (Metel)
Request
Facts about Corkow:
and more the trojan could stay undetected in the system
lasted the attack that caused a high volatility in the exchange rate
reached volatility of the ruble against the dollar during attack (from 55 to 66 rubles)
devices were infected with Corkow worldwide, and the scale of botnet increased daily
Download the report to learn more about:
detailed overview of the incident, when trading system was attacked by Corkow
cybercriminals’ approach and geographic spread of Corkow malware
indicators of compromise and recommendations for defense
technical analysis of the trojan and its functionality
Judging by the method of infecting devices and corporate networks, we can conclude that all infections were conducted on a random “non-targeted” basis. However, as our previous investigations on Anunak group displayed, access to any computer on a corporate network gives access to even the most highly protected banking systems. The attacks against the trading system and bank card system were conducted under the same scenario and thus we can forecast similar attacks against financial institutions in Russia, EU, the Middle East, Asia and the USA in the future.

Dmitry Volkov
Chief Technical Officer, Сo‑founder Group‑IB
Group-IB research on targeted attack groups

Hi-Tech Crime Trends 2020/2021

UltraRank: the unexpected twist of a JS-sniffer triple threat

RedCurl: The pentest
you didn’t know about

Online Piracy Research:
Jolly Roger’s patrons
of online pirates in developing countries.

Fxmsp: “The invisible god of networks”

Hi-Tech Crime Trends 2019/20

Attacks by Silence

Hi-Tech Crime Trends 2018

Crime without punishment: in-depth analysis of JS-sniffers

2018 Cryptocurrency Exchanges

Cobalt: their evolution and joint operations

Hi-Tech Crime Trends 2017

Lazarus Arisen: Architecture, Techniques and Attribution

Hi-Tech Crime Trends 2016

MoneyTaker

Buhtrap

Anunak: APT against financial institutions

Hi-Tech Crime Trends 2020/2021

UltraRank: the unexpected twist of a JS-sniffer triple threat

RedCurl: The pentest
you didn’t know about

Online Piracy Research:
Jolly Roger’s patrons
of online pirates in developing countries.

Fxmsp: “The invisible god of networks”

Hi-Tech Crime Trends 2019/20

Attacks by Silence

Hi-Tech Crime Trends 2018

Crime without punishment: in-depth analysis of JS-sniffers

2018 Cryptocurrency Exchanges

Cobalt: their evolution and joint operations

Hi-Tech Crime Trends 2017

Lazarus Arisen: Architecture, Techniques and Attribution

Hi-Tech Crime Trends 2016

MoneyTaker

Buhtrap

Anunak: APT against financial institutions
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Thank you for your interest in our research.
Please fill in the form below and we will send you the Group-IB report. Please make sure to correctly fill in all fields, we will only provide materials on provision of a valid corporate email address.
Advanced protection against cyber threats
Group-IB’s security ecosystem provides comprehensive protection for your IT infrastructure based on our unique cyber intelligence and deep analysis of attacks and incident response.
Intelligence
Аctionable, finished intelligence to track actors and prevent attacks before they happen
Comprehensive solution to protect corporate network, hunt for threats and respond to even the most complex cyber attacks
Client-side fraud and attack prevention system for online banking, working across sessions, platforms and devices
Protection from bots, fraud and data leakage for e‑commerce and web portals