The Carbanak group is a criminal advanced persistent threat group whose attacks against dozens (potentially hundreds) of global financial institutions resulted in an estimated $1 billion in losses in the first half of 2014. Depending on the victim, the attacks are believed to have begun between December 2013 and June 2014. According to Kaspersky Labs, each victim bank lost $2.5 million to $10 million to the campaign. The victim financial institutions were located in Russia, the United States, Germany, China and Ukraine; additionally, the group may also have begun targeting organizations in Malaysia, Nepal, and Kuwait. The vast majority of victims (at least 52) are located in Russia. Overall, the group targeted at least 100 financial organizations at 300 IP addresses located in approximately 30 countries. Of the ~100 organizations targeted, Kaspersky believes that at least half suffered financial loss.
The Carbanak group is particularly significant because it demonstrates how the dangerous escalation of sophisticated cyber exploit kits, perpetuated by state sponsored groups and government agencies, has guided the development of complex and demonstratively effective criminal platforms that can financially harm private organizations and individuals alike. Consider that the Carbanak group stole an estimated $1 billion in less than 6 months. The loss to the global financial institutions, though meager compared to the entire global economy, can still lead to cascading global economic impacts within and outside the victim organizations.