Cobalt Group Uses New Version of ThreadKit Malware
Kacy Zurkus | December 17, 2018
Researchers have discovered a new version of ThreadKit, malware known to be used by Cobalt Group, a threat actor first identified in 2016, according to Fidelis Cybersecurity. In the recently released report, Fidelis threat research analysts found that despite reported arrests, Cobalt Group remains active and is using a new version of ThreadKit, a macro delivery framework sold to and used by numerous actors and groups. The researchers also identified CobInt, a loader and backdoor framework the group uses to profile compromised systems.

The threat group had largely been targeting banks in Eastern Europe, using phishing emails with malicious PDF attachments; in one overnight attack the group stole more than $32,000 from multiple ATMs.

“The group has since built a reputation for their highly targeted, network intrusion methods. They expanded their geographical target area out of Eastern Europe, to include North America, South America and Western Europe as well as expanded their targets from banks, to also include supply chain companies, financial exchanges, investment funds, and lenders,” wrote Jason Reaves, Fidelis threat research principal engineer, in a blog post.

Prior to Interpol reportedly arresting the group’s leader in March 2018, it was estimated that the threat actors had pilfered as much as $1.2 billion from banks across 40 different countries.