FIN7 hackers evolve toolset, work with multiple ransomware gangs

Correlate

Threat analysts have compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.

FIN7 (a.k.a. Carbanak) is a Russian-speaking, financially motivated actor known for its resourceful and diverse set of tactics, custom-made malware, and stealthy backdoors.
Although some members of the group were indicted in 2018, followed by the sentencing of one of its managers in 2021, FIN7 did not disappear and kept developing new tools for stealthy attacks.
A rich new set of FIN7 indicators of compromise based on the analysis of novel malware samples has been published by researchers at Mandiant, who continue to observe and track the group’s operations.
The evidence gathered from a range of cyber-intrusions has led the analysts to merge eight previously suspected UNC groups into FIN7, which indicates the broad scope of operations for the particular group.