EmpireMonkey, CobaltGoblin
Description
(Blueliv) EmpireMonkey is an advanced, financially motivated cybercriminal gang. The group gained notoriety for a heist they conducted in February 2019 against the Maltese Bank of Valletta, which initially resulted in roughly €13 million in losses, though much of this was subsequently recovered or frozen. While a thorough post-mortem of the Bank of Valletta attack has yet to be made public, it is highly likely that the threat actors sent malicious spear-phishing emails to employees at Bank of Valletta and other European financial institutions. In October 2018, HSBC Malta reported receiving phishing emails that bore hallmarks of the subsequent EmpireMonkey attack against Bank of Valletta.
This group seems to be directly related to Carbanak, Anunak and/or FIN7.
Names
Name | Name-Giver |
---|---|
EmpireMonkey | ? |
CobaltGoblin | ? |
Anthropoid Spider | CrowdStrike |
Country
Motivation
- Financial crime
First Seen
2018
Observed Sectors
Observed Countries
Tools
Operations
- 2021-03: Nine Entertainment warns ransomware recovery ‘will take time’ https://www.itnews.com.au/news/nine-entertainment-warns-ransomware-recovery-will-take-time-562755
Counter Operations
- 2020-01: 6 Suspects Arrested in Maltese Bank Hacking Heist https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674
Information
Other Information
Uuid
6efb94b7-0f7d-4408-8541-a185a63320f2
Last Card Change
2021-04-26