Cyber Resilience

Threat actor · all actors

Cobalt GroupG0080 unknown

aka Cobalt Group, GOLD KINGSWOOD, Cobalt Gang, Cobalt Spider, Cobalt, G0080, Mule Libra

Last updated: 2026-07-03

0attributed CVEs
52ATT&CK techniques
0.0IDF score (tooling uniqueness)
0exclusive CVEs
years active

About this actor

[Cobalt Group](https://attack.mitre.org/groups/G0080) is a financially motivated threat group that has primarily targeted financial institutions since at least 2016. The group has conducted intrusions to steal money via targeting ATM systems, card processing, payment systems and SWIFT systems. [Cobalt Group](https://attack.mitre.org/groups/G0080) has mainly targeted banks in Eastern Europe, Central Asia, and Southeast Asia. One of the alleged leaders was arrested in Spain in early 2018, but the group still appears to be active. The group has been known to target organizations in order to use their access to then compromise additional victims.(Citation: Talos Cobalt Group July 2018)(Citation: PTSecurity Cobalt Group Aug 2017)(Citation: PTSecurity Cobalt Dec 2016)(Citation: Group IB Cobalt Aug 2017)(Citation: Proofpoint Cobalt June 2017)(Citation: RiskIQ Cobalt Nov 2017)(Citation: RiskIQ Cobalt Jan 2018) Reporting indicates there may be links between [Cobalt Group](https://attack.mitre.org/groups/G0080) and both the malware [Carbanak](https://attack.mitre.org/software/S0030) and the group [Carbanak](https://attack.mitre.org/groups/G0008).(Citation: Europol Cobalt Mar 2018)

Source: MITRE ATT&CK

Activity timeline

No activity events recorded.

Profile

CVERiskCVSSEPSSPublishedProducts
No attributed CVEs.

Mitigating controls (NIST 800-53)

ControlTechniques coveredCoverage
SI-442 / 5281%
CM-640 / 5277%
CM-239 / 5275%
SI-335 / 5267%
CM-733 / 5263%
CA-728 / 5254%
AC-323 / 5244%
SC-722 / 5242%
AC-421 / 5240%
AC-621 / 5240%
SI-721 / 5240%
RA-520 / 5238%
AC-219 / 5237%
CM-817 / 5233%
SI-217 / 5233%

Co-occurring actors

None.

Similar actors

Similar TTPs