Cobalt Gang Members Sentenced by Kazakhstan District Court
Money Mule Convictions Unlikely to Slow Gang Activity
A district court in Kazakhstan last Wednesday sentenced two unidentified Cobalt, aka Carbanak, gang members to serve eight years in prison on robbery and attempted robbery charges.
The gang members likely acted as money mules and may have been involved in the gang’s cashing out operations, Andrey Kolmakov, head of the hi-tech crime investigations team at cybersecurity firm Group-IB, tells Information Security Media Group.
Kolmakov adds that the arrest will likely not affect the transnational cybercriminal gang’s operations. The Singapore-based firm reports that it has been tracking Cobalt since 2016.
“Just like the gang continued to strike after the arrest of the Cobalt gang’s leader in Spain in 2018, this latest announcement is unlikely to affect group members who remain at large,” Kolmakov says.
“Actual prosecution of cybercriminals and their accomplices, no matter where they are, is very important in order to reduce the global impact of digital crime, which is borderless in nature. In this regard, cross-border cooperation in cyberspace, public and private sector partnerships and timely threat intelligence exchange are the only ways forward to fight the ever-evolving cyberthreats,” he says.
The Institute for Critical Infrastructure Technology, a nonprofit cybersecurity think tank headquartered in Washington, D.C., that previously published a report on Carbanak, did not respond to ISMG’s request for comment on this recent development.
A district court in Almaty, Kazakhstan’s largest metropolis, on Wednesday sentenced the gang members to imprisonment on robbery and attempted robbery charges, a statement from the city prosecutor's office notes.
In 2016 and 2017, the cybercriminals hacked the information systems of two undisclosed banks in Kazakhstan to steal over 2 billion tenge ($4,678,070) and attempted to steal an additional 8 billion tenge ($18,712,280), the court statement says, citing arguments by the city’s special prosecutors.
The criminals opened 250 payment cards and used a malicious program to credit bank funds to them, the statement from the prosecutor’s office says.
“Subsequently, the cards were exported to Europe (Russia, Germany, Czech Republic, Estonia, Spain, Switzerland, Slovakia, Poland, the Netherlands, Lithuania, Belgium, France), where funds were cashed through foreign ATMs,” the statement says.
The rest of the members of the criminal organization have been identified and are on the international wanted list, the statement adds, but it does not specify their identities.
What Does the Cobalt Gang Do?
By 2015, Cobalt had robbed more than 100 banks in 40 countries, causing damage worth $1 billion, a Kaspersky report says, adding that it was “by far the most successful criminal cyber campaign ever seen.”
The criminal organization primarily targets financial institutions. The attackers send spear-phishing emails with malicious attachments to employees of the targeted financial institutions, Kaspersky says. In some cases, the emails were sent to the individuals’ personal email addresses as well, it adds.
Kaspersky declined to comment on the organization’s activities and the recent arrest.
Gang Remained Active After Previous Arrests
In May 2018, Group-IB said the cybercrime gang had regrouped to resume operations despite the alleged kingpin of the organization, only known as Denis K., being arrested in Spain in March 2018.
Three other members of FIN7, the name the U.S. Attorney’s Office gives Carbanak, were arrested in August 2018.
Fedir Hladyr, a Ukrainian national who served as a high-level manager and systems administrator for FIN7, was arrested in April 2021, according to a separate statement from the U.S. Attorney’s Office.