Morphisec Cybersecurity Blog

Carbanak WinWord Exploit Prevented by Morphisec

Written by Morphisec Team | March 21, 2016 at 7:27 PM

The Carbanak APT group, aka “Anunak” (dubbed Carbanak by Kaspersky Labs to reflect its Carberp origins), is one of the most notorious cybercriminal groups to target the financial sector. Since Carbanak was first released in December 2014, around 100 financial institutions in approximately 30 countries have fallen victim to it, losing nearly $1 billion. Carbanak attacks begin with malware-infected documents sent as email attachments to targeted bank employees. The malicious document is accompanied by an email message establishing an innocent-seeming context. Once activated, the document delivers the malware, usually by exploiting an unpatched Office application vulnerability, in this case in Microsoft Word. After obtaining the required credentials and data from the unprotected victims, the Carbanak malware continues to its next stage: infiltrating the financial institution’s network.

Carbanak was discussed in depth at Kaspersky’s 2016 Security Analysts Summit last month (check out Kaspersky’s great infographic in this article). Proofpoint, spotting new Carbanak campaigns targeting the Middle East, published this detailed investigation on March 14.

Given its ongoing relevance, our very own Chief Attack Investigator Michael Gorelik, VP R&D at Morphisec, hit the record button to show you how Morphisec prevents a Carbanak attack right at the beginning of the kill chain.

Enjoy this attack – or shall we call it “prevention” – video taken on March 15, 2016.