Carbanak Gang Reappears with Enormous Cyber-attack

Proofpoint recently detected an enormous cyber-attack in which the APT gang Carbanak from Russia is involved while returning to business.

The security company finds the gang attacking executive officers within the national economies' financial sectors in Europe, USA and Middle East, of which the Middle East accounts for the maximum instances. The attack does not just target financial institutions but firms in the media too along with somewhat unusual targets such as the fire safety, heating and air conditioning companies.

The gang reportedly became inactive during February 2015 when security researchers thwarted their operations; however, in the autumn of the same year and subsequently during February 2016, it made a comeback with fresh assaults; however, this time targeting multinational companies' financial departments and the institutions of finance.

These targeted assaults described as spear phishing attacks occurred directly against high-profile executive officers within banks situated inside eighteen countries, with the majority striking UAE, Kuwait, Oman, USA and Australia.

Proofpoint researchers observed that the gang moved their attack beyond institutions of finances to apparently unconnected targets within HVAC, fire and safety. They further said that among others who could provide attackers an entry point were suppliers and vendors.

Proofpoint believes the current attacks are indications of the notorious $1bn heist by Carbanak of 2015 about to make a repeat. According to the company's research, computations show that last year's assault covered 3-4 months since start of contamination to theft that brings up the question about if the current attack is preparation for the next such high value heist. Apparently Proofpoint is seeing the initial phases of certain assault leveraging fresh exploits, RATs and malware-laced e-mail attachments for targeting fresh entities beyond the Russian domain they normally seek. Scmagazineuk.com posted this, March 22, 2016.

Proofpoint detects the latest threat to be a RAT (remote access Trojan) namely Spy.Sekur employed for creating backdoors on contaminated desktops. Alongside Spy.Sekur, Carbanak employed other increasingly infamous RATs as well, say security researchers. And as spear-phishing scams normally make up the early phase of most Internet offenses, Proofpoint has apparently seized Carbanak performing theft directly during one fresh surge of assaults.

» SPAMfighter News - 3/30/2016