Browsing tag

FIN7

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). “FIN7 identified employees at the company who worked in the IT department and had higher levels of administrative rights,” the BlackBerry research and intelligence team said in […]

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. “The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness,” cybersecurity firm NCC Group said in an analysis of ransomware attacks that took place in November 2023. “Carbanak returned last month through new distribution […]

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p (aka Clop) ransomware, marking the threat actor’s first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria Tempest. “In these recent attacks, Sangria Tempest uses the PowerShell script […]

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The malware, dubbed Domino, is primarily designed to facilitate follow-on exploitation on compromised systems, including delivering a lesser-known information […]

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate’s organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families. The highly active threat group, also known as Carbanak, […]

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 (aka Carbanak) group. This link “could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups,” cybersecurity firm SentinelOne said […]

Hackers Set Up Fake Company to Get IT Experts to Launch Ransomware Attacks

The financially motivated FIN7 cybercrime gang has masqueraded as yet another fictitious cybersecurity company called “Bastion Secure” to recruit unwitting software engineers under the guise of penetration testing in a likely lead-up to a ransomware scheme. “With FIN7’s latest fake company, the criminal group leveraged true, publicly available information from various legitimate cybersecurity companies to […]

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken place between late June and late July 2021, have been attributed with […]

FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards

A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a “pen tester” and perpetuating a criminal scheme that enabled the gang to compromise millions of customers’ debit and credit cards. Andrii Kolpakov, 33, was arrested in Spain on […]

SysAdmin of Billion-Dollar Hacking Group Gets 10-Year Sentence

A high-level manager and systems administrator associated with the FIN7 threat actor has been sentenced to 10 years in prison, the U.S. Department of Justice announced Friday. Fedir Hladyr, a 35-year-old Ukrainian national, is said to have played a crucial role in a criminal scheme that compromised tens of millions of debit and credit cards, […]

New malware variant that infects NCR ATMs software

According to digital forensics specialists, the hacker group identified as FIN7 has developed a new malicious tool, capable of delivering payloads directly into the memory of the targeted system, as well as including a module that establishes a connection to the remote control software used by NCR Corporation, an ATM manufacturer. The experts, members of […]

FIN7 APT Hackers Added New Hacking Tools in Their Malware Arsenal to Evade AV Detection

Researchers discovered 2 new hacking tools, called BOOSTWRITE and RDFSNIFFER, that were added to the FIN7 group’s malware arsenal with sophisticated capabilities and techniques. FireEye Mandiant investigators uncovered that these new hacking tools were added to hijack the DLL load order of the legitimate Aloha utility and load the malware. The tool named BOOSTWRITE is a […]

Notorious hacking group Fin7’s 3 main hackers arrested by the FBI

Three members of a ‘prolific’ and ‘notorious’ hacking group, known for carrying out massive hacking sprees against high-profile organizations, have been arrested by the Federal Bureau of Investigation (FBI). According to the US Department of Justice (DOJ), the arrested individuals were leading the global cybercrime syndicate known as Fin7. The group has stolen over 15m […]

Lord & Taylor & Saks customers payment cards stolen, sold on Dark Web

Apparently, FIN7 hackers are behind the breach – the same group was behind targeting Trump Hotels. The Hudson’s Bay-owned Lord & Taylor and Saks Fifth Avenue department stores have suffered a massive data breach in which data from 5 million of their customers’ payment cards has been stolen and made available on the dark web for […]

FIN7 Spear Phishing Attacks Now Aim At Avoiding Detection

The FIN7 hacking group has been targeting organizations in the retail sector of late, and the Security Research Team from ICEBERG has been tracking FIN7’s activities. According to their findings, FIN7 is exploiting victims in the retail industry using various phishing techniques and continuously adapting phishing documents to evade detection. After compromising the Point […]