Cybercrime , Cybercrime as-a-service , Fraud Management & Cybercrime

Cobalt Gang Members Sentenced by Kazakhstan District Court

Money Mule Convictions Unlikely to Slow Gang Activity
Cobalt Gang Members Sentenced by Kazakhstan District Court
Cobalt gang members arrested, sentenced (Photo: Pixabay)

A district court in Kazakhstan last Wednesday sentenced two unidentified Cobalt, aka Carbanak, gang members to serve eight years in prison on robbery and attempted robbery charges.

See Also: Live Webinar: Seeking Success by Adopting a SASE Architecture: en el idioma Español

The gang members likely acted as money mules and may have been involved in the gang’s cashing out operations, Andrey Kolmakov, head of the hi-tech crime investigations team at cybersecurity firm Group-IB tells Information Security Media Group.

Kolmakov adds that the arrest will likely not affect the transnational cybercriminal gang’s operations. The Singapore-based firm reports that it has been tracking Cobalt since 2016.

“Just like the gang continued to strike after the arrest of the Cobalt gang’s leader in Spain in 2018, this latest announcement is unlikely to affect group members who remain at large,” Kolmakov says.

“Actual prosecution of cybercriminals and their accomplices, no matter where they are, is very important in order to reduce the global impact of digital crime, which is borderless in nature. In this regard, cross-border cooperation in cyberspace, public and private sector partnerships and timely threat intelligence exchange are the only ways forward to fight the ever-evolving cyberthreats,” he says.

The Institute for Critical Infrastructure Technology, a nonprofit cybersecurity think tank headquartered in Washington, D.C., that previously published a report on Carbanak, did not respond to ISMG’s request for comment on this recent development.

The Conviction

A district court in Almaty, Kazakhstan’s largest metropolis, on Wednesday sentenced the gang members to imprisonment on robbery and attempted robbery charges, a statement from the city prosecutor's office notes.

In 2016 and 2017, the cybercriminals hacked the information systems of two undisclosed banks in Kazakhstan to steal over 2 billion tenge ($4,678,070) and attempted to steal an additional 8 billion tenge ($18,712,280), the court statement says, citing arguments by the city’s special prosecutors.

The criminals opened 250 payment cards and used a malicious program to credit bank funds to them, the statement from the prosecutor’s office says.

“Subsequently, the cards were exported to Europe (Russia, Germany, Czech Republic, Estonia, Spain, Switzerland, Slovakia, Poland, the Netherlands, Lithuania, Belgium, France), where funds were cashed through foreign ATMs,” the statement says.

The rest of the members of the criminal organization have been identified and are on the international wanted list, the statement adds, but does not specify their identities.

What Does the Cobalt Gang Do?

By 2015, Cobalt had robbed more than 100 banks in 40 countries, causing damage worth $1 billion, a Kaspersky report says, adding that it was “by far the most successful criminal cyber campaign ever seen.”

The criminal organization primarily targets financial institutions. The attackers send spear-phishing emails with malicious attachments to employees of the targeted financial institutions, Kaspersky says. In some cases, the emails were sent to the individuals’ personal email addresses as well, it adds.

Kaspersky declined to comment on the organization’s activities and the recent arrest.

Gang Remained Active After Previous Arrests

In May 2018, Group-IB said the cybercrime gang had regrouped to resume operations despite the alleged kingpin of the organization, only known as Denis K., being arrested in Spain in March 2018.

Three other members of FIN7, the name the U.S. Attorney’s Office gives Carbanak, were arrested in August 2018.

Fedir Hladyr, a Ukranian national who served as a high-level manager and systems administrator for FIN7, was arrested in April 2021, according to a separate statement from the U.S. Attorney’s Office.


About the Author

Rashmi Ramesh

Rashmi Ramesh

Senior Subeditor, ISMG, Global News Desk

Ramesh has previously worked at companies such as TechCircle, The Economic Times and The New Indian Express, writing and editing stories on enterprise technology, consumer technology, sustainability, and diversity and inclusion.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.