ETDA ThaiCERT
Report
Search
Home > List all groups > EmpireMonkey, CobaltGoblin

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link APT group: EmpireMonkey, CobaltGoblin

NamesEmpireMonkey (?)
CobaltGoblin (?)
Anthropoid Spider (CrowdStrike)
Country[Unknown]
MotivationFinancial crime
First seen2018
Description(Blueliv) EmpireMonkey is an advanced financially motivated cybercriminal gang. The group gained notoriety for a heist they conducted in February 2019 against the Maltese Bank of Valletta, which initially resulted in roughly €13 million in losses, though much of this was subsequently recovered or frozen. While a thorough post-mortem of the Bank of Valletta attack has yet to be made public, it is highly likely that the threat actors sent malicious spear phishing emails to employees at Bank of Valletta and other European financial institutions. In October 2018, HSBC Malta reported receiving phishing emails that bore hallmarks of the subsequent EmpireMonkey attack against Bank of Valletta.

This group seems to be directly related to Carbanak, Anunak and/or FIN7.
ObservedSectors: Financial.
Countries: Malta.
Tools used
Counter operationsJan 20206 Suspects Arrested in Maltese Bank Hacking Heist
<https://www.bankinfosecurity.com/6-suspects-arrested-in-maltese-bank-hacking-heist-a-13674>
Information<https://blueliv.com/resources/white-papers/Finance_whitepaper_ENG.pdf>

Last change to this card: 15 April 2020

Download this actor card in PDF or JSON format

Previous: Emissary Panda, APT 27, LuckyMouse, Bronze Union
Next: Energetic Bear, Dragonfly

Thailand Computer Emergency Response Team (ThaiCERT)
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1234
E-mail report@thaicert.or.th
PGP Download PGP key