The Carbanak cybergang which facilitated the heist of $1 billion from banks around the world last year, was linked to the Russian security firm Infocube.
Private security researcher Ron Guilmette claimed to have found commonalities in the original registration records for several domains that had previously been responsible for pushing malware known to be used by the cybergang, according to a July 18 Krebs on Security blog post.
Guilmette said three domains that were documented as distribution hubs for the Carbanak malware used the same contact information which belonged to a Chinese firm named Xicheng Co., the post said.
He then linked the contact information to at least 484 domains - 304 of which had previously been linked to Carbanak activity.
Guilmette said one of the domains that hadn't been launching malware appeared to be the sister property to Infocube.