A cyber-gang targeting financial and telecommunications institutions primarily in Ukraine and Russia. The attackers frequently sent a spear-phishing email that contained the Carbanak backdoor. Once gaining access to the network, they used various tools for lateral movement until they reached their endpoint: a PC or server that could be used to extract the desired data or money from their target.