Cobalt Group
High ConfidenceHigh ThreatCobalt Gang • Cobalt Spider • GOLD KINGSWOOD
Cobalt Group is a financially motivated threat actor that has been active since at least 2016, primarily targeting financial institutions worldwide. The group gained notoriety for attacks against ATM networks, SWIFT systems, and payment card processing infrastructure. Cobalt Group's operations have resulted in over $1 billion in attempted thefts from banks across Europe, Asia, and the Americas. Despite the 2018 arrest of their alleged leader in Spain, the group's operations have continued under various guises.
Cobalt Group is a financially motivated threat actor that has been active since at least 2016, primarily targeting financial institutions worldwide. The group gained notoriety for attacks against ATM networks, SWIFT systems, and payment card processing infrastructure. Cobalt Group's operations have resulted in over $1 billion in attempted thefts from banks across Europe, Asia, and the Americas. Despite the 2018 arrest of their alleged leader in Spain, the group's operations have continued under various guises.
Target Sectors
Target Regions
Attributed to Cybercriminal (No State Sponsor) (Russia). Attribution confidence: High.
Future Outlook
Cobalt Group is expected to continue operations targeting Financial Services sectors.
First observed activity of Cobalt Group
Continued active operations