← All Threat Actors
Threat Actor Profile

Carbanak

Anunak APT-C-11 ATK 32 FIN7 G0008 GOLD WATERFALL GrayAlpha Navigator Group TAG-CR1
▲ High Threat
[Carbanak](https://attack.mitre.org/groups/G0008) is a cybercriminal group that has used [Carbanak](https://attack.mitre.org/software/S0030) malware to target financial institutions since at least 2013. [Carbanak](https://attack.mitre.org/groups/G0008) may be linked to groups tracked separately as [Cobalt Group](https://attack.mitre.org/groups/G0080) and [FIN7](https://attack.mitre.org/groups/G0046) that have also used [Carbanak](https://attack.mitre.org/software/S0030) malware.(Citation: Kaspersky Carbanak)(Citation: FireEye FIN7 April 2017)(Citation: Europol Cobalt Mar 2018)(Citation: Secureworks GOLD NIAGARA Threat Profile)(Citation: Secureworks GOLD KINGSWOOD Threat Profile)
Origin

Known TTPs

Masquerade Task or Service
Rundll32
Valid Accounts
Bidirectional Communication
Windows Service
Remote Access Tools
Match Legitimate Resource Name or Location
Disable or Modify System Firewall
Tool

External Resources

CISA Advisories ↗

Related Intelligence

Hacking the mainframe…

LINK COPIED TO CLIPBOARD