In mid-2018, Bitdefender researchers investigated a targeted attack on an Eastern European financial institution, gaining new insights and creating a complete event timeline showing how the infamous group Carbanak infiltrates organizations, how it moves laterally across the infrastructure, and the time it takes to set up the actual heist.
The initial point of compromise found in our investigation involved the use of spear-phishing emails with malicious URLs and tainted documents rigged to download a Cobalt Strike beacon component. Within hours of compromise, the cybercriminal group would begin to move laterally across the infrastructure, identify critical documents and prepare them for exfiltration, and try to access the organization’s ATM and banking applications.