Security & Fraud

Spanish Police Arrest Leader Of Hacking Gang Behind Cobalt, Carbanak Attacks

Ransomware Scores Big

The leader of a cybercriminal gang responsible for the Carbanak and Cobalt malware attacks was arrested by Spanish police.

Citing Europol, Reuters reported that Spanish police arrested an individual who they believe is the leader of the group that was able to steal $1.2 billion from banks by changing account balances and having ATMs dispense cash. Identified as “Denis K,” the person was arrested in the port city of Alicante in Spain after cooperation between law enforcement in the U.S., Asia and Europe. The suspect was arrested along with three other members, who were originally from Russia and the Ukraine, the Interior Ministry said.

Europol contends the group has been operating since 2013 and has members in 40 countries around the globe. The attackers targeted around 100 financial institutions. They sent malware-infected emails to bank employees to access their networks and servers to engage in the fraud.

“With that level of access, the nefarious individuals authorize fraudulent bank transfers, raise the balances of mule accounts or command-affected ATMs to spit out the money for them,” Europol said. During the police raid, the Interior Ministry seized jewels worth €500,000 and two luxury vehicles. Europol also blocked bank accounts and two houses that have a market value of €1 million. The law enforcement agency said the group used so-called mules that would take money from ATMs as they were attacked. Until 2015, the Russian mafia was tapped for that; in 2016, the gang turned to the Moldovan mafia.

Some of the hackers involved are Russian or have ties to Russia, but Russian banks weren’t necessarily immune to the group’s attacks. In February, Reuters reported Russian banks had a rough 2017 in terms of cybersecurity incidents. Russian bank officials revealed that hackers lifted over 1 billion roubles ($17 million) from Russian banks last year using the Cobalt Strike security-testing tool.

Russian institutions have been under scrutiny for various cybercrimes over the last 18 months, as reports have emerged that Moscow-backed hacking units have been instrumental in cyberattacks on the U.S. and across Europe. However, authorities in Russia seem to suggest that Russians are just as likely to be victims of a cyberattack as anyone else — and that they’re working hard to lock out hackers.



The How We Shop Report, a PYMNTS collaboration with PayPal, aims to understand how consumers of all ages and incomes are shifting to shopping and paying online in the midst of the COVID-19 pandemic. Our research builds on a series of studies conducted since March, surveying more than 16,000 consumers on how their shopping habits and payments preferences are changing as the crisis continues. This report focuses on our latest survey of 2,163 respondents and examines how their increased appetite for online commerce and digital touchless methods, such as QR codes, contactless cards and digital wallets, is poised to shape the post-pandemic economy.