GOLD KINGSWOOD

GOLD KINGSWOOD is a cybercriminal group that uses tactics more commonly associated with government-sponsored threat actors to infiltrate the internal networks of financial institutions around the globe. Having gained access, GOLD KINGSWOOD uses a custom modular reconnaissance tool to locate network segments associated with Automatic Teller Machines (ATMs). Custom malware is then deployed that can force the ATMs to "jackpot" cash into the hands of waiting money mules. GOLD KINGSWOOD has also attempted to move funds using the SWIFT network and has attacked other financial systems such as credit card processing systems and payment gateways.

CTU researchers assess with moderate confidence that GOLD KINGSWOOD is associated with, and may be a progression of the group referred to as Carbanak that has targeted banks in Russia and Ukraine since early 2014. A member of GOLD KINGSWOOD allegedly responsible for the development of their ATM malware was arrested in Spain in March 2018, although this did not halt the group's operations. GOLD KINGSWOOD is experienced and shows a high degree of sophistication in terms of its network intrusions and also its ability to cashout and then move large sums of money, which can be a complex task that is often beyond the resources of less experienced groups.