EmpireMonkey, CobaltGoblin

Description

(Blueliv) EmpireMonkey is an advanced financially motivated cybercriminal gang. The group gained notoriety for a heist they conducted in February 2019 against the Maltese Bank of Valletta, which initially resulted in roughly €13 million in losses, though much of this was subsequently recovered or frozen. While a thorough post-mortem of the Bank of Valletta attack has yet to be made public, it is highly likely that the threat actors sent malicious spear phishing emails to employees at Bank of Valletta and other European financial institutions. In October 2018, HSBC Malta reported receiving phishing emails that bore hallmarks of the subsequent EmpireMonkey attack against Bank of Valletta.

This group seems to be directly related to Carbanak, Anunak and/or FIN7.

Names

NameName-Giver
EmpireMonkey?
CobaltGoblin?
Anthropoid SpiderCrowdStrike

Country

Motivation

  • Financial crime

First Seen

2018

Observed Sectors

Observed Countries

Tools

Operations

Counter Operations

Information

Other Information

Uuid

6efb94b7-0f7d-4408-8541-a185a63320f2

Last Card Change

2021-04-26