Researchers have discovered a new version of ThreadKit, malware known to be used by Cobalt Group, first identified in 2016, according to Fidelis Cybersecurity.
In the recently released report, Fidelis threat research analysts found that, despite reported arrests, Cobalt Group remains active and is using a new version of ThreadKit, a macro delivery framework sold and used by numerous actors and groups. In addition, researchers identified CobInt, a loader and backdoor framework used for profiling systems.
The threat group had largely been targeting banks in Eastern Europe using phishing emails with malicious PDF attachments that allowed the group to steal more than $32,000 from multiple ATMs in an overnight attack.
By Kacy Zurkus