NS Bank

NS Bank is a financial institution whose headquarters is located in Russia, as indicated by the alias used in public reporting and the geographic focus of the incidents in which it has been mentioned. The organisation delivers the standard suite of banking services, including the acceptance of customer deposits, the extension of credit facilities to borrowers, and the processing of domestic and international payments. While its primary market is the Russian Federation, NS Bank has been referenced in the context of Eastern European financial activity, suggesting that its services or client relationships extend beyond the national border. As a participant in the Russian banking sector, the institution operates under the regulatory framework established by the Central Bank of the Russian Federation and other financial supervisory authorities. These core functions place NS Bank among the providers that support everyday financial transactions, savings, and credit flows for individuals and businesses operating within its service area.

In August 2018, NS Bank was specifically named as a target of the financially motivated Cobalt Group, which carried out a spear‑phishing campaign directed at several Eastern European financial institutions. The attackers distributed emails containing weaponized Word documents that concealed obfuscated Visual Basic for Applications scripts and executable files disguised as image attachments, aiming to install malware such as CobInt/COOLPANTS and the 'more_eggs' JavaScript payload. Once executed on a victim’s workstation, these tools enabled the threat actors to establish persistence through modified registry keys, communicate with encrypted command‑and‑control servers, and exfiltrate sensitive data from the compromised environment. The inclusion of NS Bank in this operation indicates that the institution possesses financial information—such as account details, transaction records, or client data—that is of monetary value to cyber‑criminal groups. The public sources consulted for this profile do not disclose further specifics regarding the bank’s size, ownership structure, subsidiary affiliations, or any concrete remedial actions undertaken after the incident.