The financially motivated threat actor known as FIN8 has been observed using a “revamped” version of a backdoor called Sardonic to deliver the BlackCat ransomware.
According to the Symantec Threat Hunter Team, part of Broadcom, the development is an attempt on the part of the e-crime group to diversify its focus and maximize profits from infected entities. The intrusion attempt took place in December 2022.
FIN8 is being tracked by the cybersecurity company under the name Syssphinx. Known to be active since at least 2016, the adversary was originally attributed to attacks targeting point-of-sale (PoS) systems using malware such as PUNCHTRACK and BADHATCH.
The group resurfaced after more than a year in March 2021 with an updated version of BADHATCH, following it up with a completely new bespoke implant called Sardonic, which was disclosed by Bitdefender in August 2021.
images from Hacker News