Hacking Group Accidentally Leaks Their Targets List

group of hackers

The “Cobalt” hacking group accidentally revealed its target list, which was identified by RiskIQ staff. The phishing campaign was duly averted.

A group of skilled hackers are supposed to be the most intelligent people on the planet, but sometimes even the elite class makes silly mistakes that either lead to their end or at least a major catastrophe.

The latest update is that a notorious hacking group which identifies themselves as “Cobalt” has made a simple mistake that ended up leaking their targets list, which included some of the top banks, financial institutions and corporations around the world.

The information was unveiled by a researcher named Yonathan Klijnsma, who works for thecybersecurityy firm RiskIQ.

Security companies always spend a major part of their resources in keeping track of the activities that take place in social media and the dark web.

This practice often leads to interesting discoveries and also helps the cyber security teams nab individual criminals and hacking groups even before they could attack.

Similarly, many such researchers have led to finding bugs in major browsers and software programs which potentially could give complete access to hackers.

Oftentimes, such a crisis is completely averted because of the timely discovery.

Exposed Target List Saved Millions from Hacking

In most phishing campaign scenarios, hacking groups are after money and the Cobalt case is hardly any different.

Klijnsma confirmed that the hacking group schemed by sending out mass email messages, but they made one small yet important mistake that revealed their plans.

Instead of adding the campaign’s targets in the BCC: field in the emails, they wrongly specified their own targets in the To: field.

When individual hackers or hacking groups launch large-scale phishing attacks, they don’t simply go against opponents all at once, as it could alert others.

Instead, they create a list and slowly take down one bank or organization at a time. A similar trend was found in this incident but accidentally, the team leaked all their potential targets.

The security firm instantly alerted all the banks and financial institutions they identified in the list. It potentially saved millions of dollars from falling into the hands of hacking groups like Cobalt, which has a history of targeting these sorts of powerful institutions.

According to the security expert who made this massive discovery, the majority of the targeted institutions were located in Russia and Turkey.

A Compelling Subject Line for a Phishing Attack

Phishing Attack planning

Hacking group scheme is by sending out mass email messages.

Phishing emails are usually distributed with a catchy subject line that includes specific terms usually gaining the most clicks from users.

But in this case of Cobalt’s email campaign, the subject line had no inline text and there was a single RTF file inside it.

The file was supposed to provide information on changes made to SWIFT, which is used in inter-banking money transfer processes.

If executed properly, the email would prompt most bank employees to open it instantly, which is what the hacking group bet on.

Inside the RTF file, a vulnerable CVE-2017-11882 Microsoft Office Equation Editor component (which happens to be a known recent bug) was located.

It would have given access to the data available in the bank employees’ computers, thereby allowing the Cobalt hacking group to access files or create a ransomware campaign by locking access to the system.

But the problem with this reveal is that hackers have already exposed their target list by including them in the To: field.

It also leads to question if Cobalt (and more hacking groups, too) could be devising a new campaign while security experts and firms are focused on this “leaked” information.

Leave a Reply