Cobalt Group

Threat Actor updated 4 months ago (2024-05-04T20:34:55.664Z)
The Cobalt Group is a significant, financially motivated cybercrime threat actor. According to TechRadar, this group and the Russian state-sponsored hacking group APT28 were together responsible for almost half of all cybersecurity incidents in 2023. The Cobalt Group's modus operandi includes bypassing User Account Control (UAC) and gaining unauthorized access to targeted networks; in November last year, for example, it exploited CVE-2017-11882. Its activities often overlap with those of other groups such as FIN6 and Evilnum, which makes precise attribution difficult.

The Cobalt Group, along with FIN6, is known to use Golden Chickens, a malware-as-a-service (MaaS) offering. This MaaS, also referred to as More_eggs, has been dubbed the "cyber weapon of choice" of these Russia-based cyber gangs. The cybersecurity firm eSentire identified the second developer of Golden Chickens as a Romanian man known as VENOM SPIDER. The group has also used Storm-0324 for unauthorized corporate network access, primarily to distribute JSSLoader before handing over the keys to the notorious financial and ransomware actor FIN7.

In 2017 and 2018, the Cobalt Group used badbullzvenom's (aka Lucky) VenomKit to deploy Cobalt Strike in attacks on banks. eSentire noted that this malware suite was later leveraged by FIN6 in 2019, the same year in which the suite included the PureLocker ransomware plugin. eSentire also unmasked the second developer of the Golden Chickens malware, which has been used extensively by the Cobalt Group, as a Romanian named Jack, also known as Lucky and badbullzvenom.
Description last updated: 2024-05-04T17:53:07.169Z
Aliases: We are not currently tracking any aliases.

Miscellaneous Associations (other elements of context that could aid in the identification of relevance):
Cobalt Strike
Associated Malware
ID: EVILNUM
Type: Unspecified
Votes: 2
Profile Description: Evilnum is a form of malware, first observed and reported in 2018, that is designed to exploit and damage computer systems. It infiltrates systems through suspicious downloads, emails, or websites, often without the user's knowledge, and can steal personal information, disrupt operations, or even ho
Source Document References
Information about the Cobalt Group Threat Actor was read from the documents corpus below (this display is limited to 20 results).

Source | Created | Title
CERT-EU | 8 months ago | Cyber threat landscape controlled by leading threat operations
MITRE | 9 months ago | Cobalt Group Gaffe Reveals All Targets in Attack on Financial Institutions
MITRE | 9 months ago | First Activities of Cobalt Group in 2018: Spear-phishing Russian Banks
CERT-EU | 9 months ago | Hiring? New scam campaign means ‘resume’ downloads may contain malware
CERT-EU | a year ago | Microsoft Teams Hacks Are Back, As Storm-0324 Embraces TeamsPhisher
CERT-EU | a year ago | High-severity Chrome vulnerabilities addressed
CERT-EU | a year ago | Minnesota VA medical center plagued with IT security gaps
CERT-EU | a year ago | Golden Chickens malware developer unmasked
MITRE | 2 years ago | Cobalt Group 2.0
MITRE | 2 years ago | Microsoft Word Intruder Integrates CVE-2017-0199, Utilized by Cobalt Group to Target Financial Institutions | Proofpoint US
Quick Heal Technologies Ltd. | 2 years ago | UAC Bypass Using CMSTP
CERT-EU | a year ago | Researchers Identify Second Developer of ‘Golden Chickens’ Malware
CERT-EU | a year ago | Meet 'Jack' from Romania! Mastermind Behind Golden Chickens Malware
CERT-EU | a year ago | The malware supplier of the most dangerous Russian cybercriminals has been revealed
CERT-EU | a year ago | Researchers identify second developer behind Golden Chickens MaaS