Return of The Carbanak
Mar 13, 2016
In one particular instance of the APT group's activity, the group planted a cron script on a bank's server. The script sent financial transactions at a rate of $200 per minute, using a time-specified scheduler to post nefarious transactions directly to the upstream payment processing system. This enabled the APT group to transfer money to multiple e-currency services without these transactions being reported to any system inside the bank. What was particularly concerning about the Carbanak attacks waged against banks was that the malware wasn't discovered until after financial institutions noticed the money was gone.
To better defend yourself against these attacks, remember to stay vigilant and report all suspicious activity to your IT helpdesk or Security Operations Center. Please refer to US-CERT's “Avoiding Social Engineering and Phishing Attacks” article: https://www.us-cert.gov/ncas/tips/ST04-014
You may also reference Kaspersky's recommendations on keeping yourself protected:
IOCs (Indicators of Compromise) are available at the links listed below. Refer to the <Content type= sections in the .ioc files for the domains, MD5 hashes, IPs, and URLs to block.
– Steven R.
Advanced Threat Cyber Security Analyst
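One way to pull the Content values out of an .ioc file and group them for block lists, as an added example that is not part of the original post. It assumes the files follow the OpenIOC 1.0 layout (IndicatorItem elements holding a Context and a Content child); the sample document, its values, and the function names are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in OpenIOC 1.0 layout; all values are placeholders, not real indicators.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="sample">
  <definition><Indicator operator="OR" id="i-1">
    <IndicatorItem id="i-2" condition="is">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">D41D8CD98F00B204E9800998ECF8427E</Content>
    </IndicatorItem>
    <IndicatorItem id="i-3" condition="is">
      <Context document="PortItem" search="PortItem/remoteIP" type="mir"/>
      <Content type="IP">192.0.2.10</Content>
    </IndicatorItem>
    <IndicatorItem id="i-4" condition="contains">
      <Context document="DnsEntryItem" search="DnsEntryItem/RecordName" type="mir"/>
      <Content type="string">bad.example.com</Content>
    </IndicatorItem>
    <IndicatorItem id="i-5" condition="is">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">not-a-hash</Content>
    </IndicatorItem>
  </Indicator></definition>
</ioc>"""
MD5_RE = re.compile(r"[0-9a-f]{32}")

def local(tag):
    # Strip the "{namespace}" prefix so files with or without xmlns both parse.
    return tag.rsplit("}", 1)[-1]

def extract_indicators(ioc_xml):
    """Return ({(content_type, context_search): [values]}, [rejected values])."""
    # .ioc files have no reason to carry a DTD; refuse entity-expansion tricks.
    if "<!DOCTYPE" in ioc_xml or "<!ENTITY" in ioc_xml:
        raise ValueError("refusing .ioc with DTD/entity declarations")
    grouped, rejected = defaultdict(set), []
    for item in ET.fromstring(ioc_xml).iter():
        parts = {local(child.tag): child for child in item}
        if local(item.tag) != "IndicatorItem" or "Content" not in parts:
            continue
        ctype = parts["Content"].get("type", "").lower()
        value = (parts["Content"].text or "").strip()
        search = parts["Context"].get("search", "") if "Context" in parts else ""
        # Malformed hashes are set aside for review instead of reaching a block list.
        if ctype == "md5" and not MD5_RE.fullmatch(value.lower()):
            rejected.append(value)
            continue
        grouped[(ctype, search)].add(value.lower() if ctype == "md5" else value)
    return {key: sorted(vals) for key, vals in grouped.items()}, rejected
```

Grouping by the Context search term as well as the Content type matters because domains and URLs both arrive as type "string" and can only be told apart by their Context.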