Carbanak's Back And Using Google Services For Command-and-Control
Cybercrime gang employs common cloud services to hide in plain sight.
January 18, 2017
The infamous Carbanak cybercrime gang, responsible for hacking and stealing money from financial institutions in 2015, recently resurfaced with a new modus operandi: using Google services for command-and-control of its malware.
Researchers from Forcepoint Security Labs today detailed new activity they spotted by the Carbanak gang that employs Google's Apps Script, Sheets, and Forms cloud-based services to send and receive commands for its malware. Forcepoint recently spotted Carbanak using a trojanized RTF document with an encoded Visual Basic script.
"For each infected user a unique Google Sheets spreadsheet is dynamically created in order to manage each victim. The use of a legitimate third party service like this one gives the attacker the ability to hide in plain sight," Forcepoint wrote in a blog post today.
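The detection problem this creates for defenders is that the C2 traffic goes to hosts every organisation already allows. The example below is added here and is not Forcepoint's or the gang's code; it shows one hunting heuristic over constructed web-proxy log lines: requests to Google Apps Script, Sheets and Forms endpoints made by a non-browser HTTP client (the kind of request a script launched from an Office document produces), with a second check for evenly spaced beaconing. The log format, the watched hostnames and the user-agent markers are assumptions, and every ID in the sample paths is a placeholder.

```python
"""Hunt for C2 traffic hidden in Google services (added defensive example).

Assumed proxy log format (constructed for this example):
    <ISO time> <src ip> <method> <host> <path> <status> "<user agent>"
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Google front ends the article describes as abused for C2 (hostnames assumed).
WATCHED_HOSTS = {
    "script.google.com",      # Apps Script web apps
    "docs.google.com",        # Sheets and Forms front end
    "sheets.googleapis.com",  # Sheets API
}

# Substrings present in real browser user agents; anything else is "non-browser".
BROWSER_MARKERS = ("Chrome/", "Firefox/", "Safari/", "Edge/", "Edg/", "Trident/")

LOG_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) (\S+) (\d{3}) "([^"]*)"$')

# Constructed sample log: one analyst editing a sheet in Chrome, one host
# POSTing to an Apps Script endpoint every five minutes from a WinHTTP client,
# and one unrelated API call. All IDs are placeholders, not real resources.
SAMPLE_LOG = [
    '2017-01-18T09:00:00 10.1.2.3 GET docs.google.com /spreadsheets/d/SHEET-ID-PLACEHOLDER/edit 200 '
    '"Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0 Safari/537.36"',
    '2017-01-18T09:05:00 10.1.2.7 POST script.google.com /macros/s/SCRIPT-ID-PLACEHOLDER/exec 200 '
    '"Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"',
    '2017-01-18T09:10:00 10.1.2.7 POST script.google.com /macros/s/SCRIPT-ID-PLACEHOLDER/exec 200 '
    '"Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"',
    '2017-01-18T09:15:00 10.1.2.7 POST script.google.com /macros/s/SCRIPT-ID-PLACEHOLDER/exec 200 '
    '"Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"',
    '2017-01-18T09:20:00 10.1.2.7 GET docs.google.com /forms/d/e/FORM-ID-PLACEHOLDER/formResponse 200 '
    '"Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)"',
    '2017-01-18T09:21:00 10.1.2.9 GET www.example.com /api/status 200 "python-requests/2.12"',
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the format."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts, src, method, host, path, status, ua = m.groups()
    return {"ts": datetime.fromisoformat(ts), "src": src, "method": method,
            "host": host, "path": path, "status": int(status), "ua": ua}


def is_browser(ua):
    """True when the user agent carries a marker of a mainstream browser."""
    return any(marker in ua for marker in BROWSER_MARKERS)


def looks_like_beacon(timestamps, tolerance=0.2):
    """True when three or more requests are spaced within +/- tolerance of their median interval."""
    if len(timestamps) < 3:
        return False
    ts = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ts, ts[1:])]
    mid = median(gaps)
    if mid <= 0:
        return False
    return all(abs(g - mid) <= tolerance * mid for g in gaps)


def find_suspicious(lines, min_hits=2):
    """Group non-browser requests to watched Google hosts by (src, host, ua).

    Returns {(src, host, ua): {"count": n, "paths": [...], "beacon": bool}}
    for every group with at least min_hits requests.
    """
    groups = defaultdict(lambda: {"count": 0, "paths": [], "stamps": []})
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["host"] not in WATCHED_HOSTS or is_browser(rec["ua"]):
            continue
        g = groups[(rec["src"], rec["host"], rec["ua"])]
        g["count"] += 1
        g["paths"].append(rec["path"])
        g["stamps"].append(rec["ts"])
    return {
        key: {"count": g["count"], "paths": g["paths"], "beacon": looks_like_beacon(g["stamps"])}
        for key, g in groups.items() if g["count"] >= min_hits
    }


if __name__ == "__main__":
    for (src, host, ua), info in find_suspicious(SAMPLE_LOG).items():
        print(f"{src} -> {host} x{info['count']} beacon={info['beacon']} ua={ua!r}")
```

The user-agent check alone is noisy (legitimate integrations also use non-browser clients), which is why the interval check is kept separate: a non-browser client that both hits an Apps Script or Forms URL and does so on a fixed cadence is the pairing worth an analyst's time. In a real deployment the allowlist of known integration user agents and the watched-host set would come from the organisation's own proxy data rather than the constants above.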
Carbanak, which was first discovered by researchers at Kaspersky Lab, is an international cybercrime ring based out of Eastern Europe that pilfered some $1 billion in two years from 100 different banks in nearly 30 countries using spear phishing emails targeting bank employees. Its targets were mainly Russian financial institutions, followed by banks in Denmark and the US.
Forcepoint says it has notified Google about Carbanak's fraud via Google services.