MOSCOW, May 29. /TASS/. The company in the field of investigation and prevention of cybercrimes Group-IB reported on new mass attacks by Cobalt group hackers against leading banks of Russia and the CIS, as well as foreign financial organizations. According to Group-IB , the attacks occurred on May 23 and 28 with the help of phishing emails.
In the Group-IB did not specify to TASS the names of banks. However, Group-IB told TASS that there are at least 86 different organizations around the world in the mailing list regularly used by Cobalt. "This list includes banks, insurance companies, media, leasing companies, construction companies, Internet providers, legal offices, integrators in the CIS, the United States, Europe, and Asia - virtually all over the world," the company said. From this list, attackers form "subscriptions" depending on the purposes of the attack, about half of the base falls on Russia. However, in fact, the list of attacked organizations may be wider, and, most likely, it is.
"Fincert of the Russian Central Bank in a timely manner informed credit organizations about these phishing mailings," press service of the Central Bank commented on the situation.
The first wave of Cobalt phishing mailing was registered on May 23 at 13:21 Moscow time (after almost 5 months of interruption in the attacks of this group in Russia - the last Cobalt attacks in Russia were in December 2017). Kaspersky Lab confirmed to TASS that last week phishing mailing was actually registered, masked as notifications to users. The second large-scale Cobalt attack was recorded five days later - on May 28 about 13:00 Moscow time, Group-IB noted.
According to Group-IB, the victims of these cyber attacks could not only be banks from Russia and the CIS, since emails were in English. Experts assessed the quality of phishing emails as high.