Researchers at FireEye discovered that the Carbanak source code has been available on VirusTotal for two years, but it was not noticed before.
The Carbanak gang (aka FIN7, Anunak or Cobalt) stole over a billion euros from banks across the world, the name “Carbanak” comes with the name of the malware they used to compromise computers at banks, other financial institutions, restaurants, and other industries.
CARBANAK cybercrime gang was first uncovered in 2014 by Kaspersky Lab that dated its activity back to 2013 when the group leveraged the Anunak malware in targeted attacks on financial institutions and ATM networks. Between 2014 and 2016 the group used a new custom malware dubbed Carbanak that is considered a newer version of Anunak.
Starting from 2016 the group developed a new custom malware using Cobalt Strike, a legitimate penetration testing framework.
The experts discovered the source code, builders, and some previously unknown plugins in two different RAR archives.
The two archives were both uploaded two years ago from the same Russian IP address.
“On the heels of that publication, our colleague Nick Carr uncovered a pair of RAR archives containing CARBANAK source code, builders, and other tools (both available in VirusTotal: kb3r1p and apwmie).” reads a blog post published by FireEye.
“CARBANAK source code was 20MB comprising 755 files, with 39 binaries and 100,000 lines of code. Our goal was to find threat intelligence we missed in our previous analyses.”
Fedorov, is a skilled hacker and, who is suspected to be a manager of the group, was arrested at the request of U.S. officials in Bielsko-Biala, Poland, in January and is currently waiting for his extradition to the United States.
In January 2018 foreign authorities also arrested Fedir Hladyr in Dresden, Germany, he is currently detained in Seattle pending trial. Hladyr is suspected to be a system administrator for the group.
In late June 2018, foreign authorities arrested Andrii Kolpakov in Lepe, Spain. The man is suspected to be a supervisor of the group. He is currently detained in Spain pending the United States’ request for extradition.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.