Group: Carbanak, Anunak, Carbon Spider

From enterprise
Jump to: navigation, search
Carbanak, Anunak, Carbon Spider
ID G0008
Aliases Carbanak, Anunak, Carbon Spider
Contributors Anastasios Pingios

Carbanak is a threat group that mainly targets banks. It also refers to malware of the same name (Carbanak). It is sometimes referred to as FIN7, but these appear to be two groups using the same Carbanak malware and are therefore tracked separately.12

Alias Descriptions

  • Carbanak - 13
  • Anunak - 3
  • Carbon Spider - 4

Techniques Used

  • Valid Accounts - Carbanak actors used legitimate credentials of banking employees to perform operations that sent them millions of dollars.1
  • New Service - Carbanak malware installs itself as a service to provide persistence and SYSTEM privileges.1
  • Masquerading - Carbanak malware names itself "svchost.exe," which is the name of the Windows shared service host program.1
  • Web Service - Carbanak has used a VBScript named "ggldr" that uses Google Apps Script, Sheets, and Forms services for C2.6