On February 28, the McAfee Advanced Threat Research team discovered that the cybercrime group Hidden Cobra continues to target cryptocurrency and financial organizations. The team observed the return of Hidden Cobra’s Bankshot malware implant, surfacing in the Turkish financial system. In the recent past, the Hidden Cobra group also conducted attacks against the global financial network SWIFT.
In this new, aggressive campaign, the Bankshot implant, which last appeared in 2017, was observed again. Bankshot is designed to persist on a victim’s network for further exploitation. Bankshot was first reported by the Department of Homeland Security on December 13, 2017.
The goal of the SOC Prime Hidden Cobra Tracker use case is to detect the malicious activity of Bankshot malware using currently available IoCs.