Podcast revisits Carbanak gang’s $1B bank heists and how they infiltrated banks

A new podcast episode from Wicked Coin revisits Carbanak, the sophisticated cybercrime campaign that infiltrated more than 100 financial institutions across dozens of countries and stole over $1 billion. Rather than relying on crude smash-and-grab tactics, the gang used spear-phishing emails and malicious attachments to gain initial access, then spent months inside bank networks conducting internal surveillance, recording employee activity, and leveraging legitimate banking tools and credentials to execute fraudulent transfers and trigger ATM cash-outs. The campaign, which emerged around 2013 and was publicly exposed in 2014-2015, represents one of the most significant examples of long-dwell financial intrusion on record. Hosts Diana Shaw and Tatiana Sainati interview guests Lyn Brown and Erin Joe about the operation, drawing on investigations by Kaspersky Lab, Europol, and other law-enforcement and cybersecurity teams that later pursued arrests linked to the broader group, which has also been tracked as Anunak and linked to Cobalt and FIN7 activity.