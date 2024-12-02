A common theme for Cobalt is to start with spear-phishing emails to gain the initial entry. In financial attacks, the emails usually masquerade as other financial institutions or a financial supplier/partner domain to gain the target’s trust.

In 2017, it was reported that Cobalt had expanded its range into also targeting government, telecom/Internet, service providers, manufacturing, entertainment, and healthcare organizations, often using government organizations and ministries as a stepping stone for other targets.

In an analysis of the new campaign, Netscout’s ASERT researchers found that the cybergang used phishing emails that contained malicious URLs.

Cobalt is credited with the theft of USD 9.7 million from the Russian MetakkinvestBank; ATM thefts of USD 2.18 million from Taiwan banks; a SWIFT attack on Russian banks; and more than 200 other attacks on banks in Europe, Thailand, Turkey and Taiwan.