Who is EmpireMonkey, CobaltGoblin?

EmpireMonkey, CobaltGoblin is a threat actor, also known as EmpireMonkey, CobaltGoblin, Anthropoid Spider. This group is tracked in the Strobes VI threat intelligence database.

What vulnerabilities does EmpireMonkey, CobaltGoblin exploit?

Specific CVE exploitation data for EmpireMonkey, CobaltGoblin is being tracked. Check the Strobes VI threat actor profile for updates.

Agentic AI · Pentesting

Ready for Agentic Automated Testing?

Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.

Zero false positives

PoC for every finding

30+ tools orchestrated

Book a Demo Learn More

Setup in 5 minutesSOC 2 & ISO 27001

EmpireMonkey, CobaltGoblin

Also known as: EmpireMonkey, CobaltGoblin, Anthropoid Spider, Empire Monkey

Financial crime

Exploited CVEs

Overview

EmpireMonkey is an advanced financially motivated cybercriminal gang. The group gained notoriety for a heist they conducted in February 2019 against the Maltese Bank of Valletta, which initially resulted in roughly €13 million in losses, though much of this was subsequently recovered or frozen. While a thorough post-mortem of the Bank of Valletta attack has yet to be made public, it is highly likely that the threat actors sent malicious spear phishing emails to employees at Bank of Valletta and other European financial institutions. In October 2018, HSBC Malta reported receiving phishing emails that bore hallmarks of the subsequent EmpireMonkey attack against Bank of Valletta. This group seems to be directly related to Carbanak, Anunak and/or FIN7 .

Exploited Vulnerabilities

No exploited CVEs have been attributed to this threat actor yet.

Browse CVE Database