Towards the end of 2017, a group of researchers at Embedi discovered a Microsoft Office vulnerability that’s been quietly putting systems in danger for about 17 years.
The Carbanak APT group, aka “Anunak,” (dubbed Carbanak by Kaspersky Labs to reflect its Carberp origins) is one of the most notorious cybercriminal groups to target the Financial sector. Since Carbanak was first released in December 2014, around 100 financial institutions in approximately 30 countries have fallen victim to it, losing nearly $1 billion. Carbanak attacks begin with malware infected documents sent as email attachments to targeted bank employees. The malicious document is accompanied by an email message establishing an innocent seeming context. Once activated, the document delivers the malware, usually by exploiting an unpatched Office application vulnerability, in this case Microsoft Word. After obtaining the required credentials / data from the unprotected target victims, the Carbanak malware continues to its next stage of infiltrating the financial institution’s network.