Two Canadian banks, the Bank of Montreal and Simplii Financial, were hit by cyber attacks. The attacks are believed to have been carried out by the Cobalt Gang — an APT-style criminal threat group which primarily carries out attacks leveraging the Cobalt Strike penetration testing framework. The group is said to have strong ties to Carbanak, a similar group which has stolen more than 1 billion dollars and has affected over 100 financial institutions and 30 countries. As a result of the breach, the attackers were able to walk away with the personal information of over 90,000 customers.
On Sunday, May 27, 2018, the attackers contacted the banks and threatened to make the data public. The Cobalt Gang continues to be active despite its leader’s arrest in Spain two months ago. The attacks appear to have used spearphishing emails which impersonated alerts from Kaspersky Labs. This could indicate the attackers had previous knowledge of the banks’ defenses and crafted specific messages intended to fool their victims.