
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate’s organizational hierarchy, alongside unravelling its role as an affiliate for mounting ransomware attacks.

It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct ransomware DarkSide, REvil, and LockBit families.

The highly active threat group, also known as Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its “cybercrime horizons,” including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.

More than 8,147 victims have been compromised by the financially motivated adversary across the world, with a majority of the entities located in the U.S. Other prominent countries include China, Germany, Canada, Italy, and the U.K.

FIN7’s intrusion techniques, over the years, have further diversified beyond traditional social engineering to include infected USB drives, software supply chain compromise, and the use of stolen credentials purchased from underground markets.
