FIN7’s Liquor Lure Compromises Law Firm with Backdoor

2021-07-23 16:24

Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey.

According to eSentire's Threat Response Unit, the successful breach for FIN7 was part of a wider, non-targeted email campaign.

"One of the victims of the malicious legal complaint campaign was a law firm," researchers said in a posting this week.

"The lure successfully bypassed the law firm's email filters, and it was not detected as suspicious by any of the firm's employees."

While using such a specific lure lawsuit in a wide-scale campaign may seem counterintuitive, it can net lucrative fish, researchers noted.

This isn't the only activity from FIN7 of late; researchers have also observed a campaign using a USPS mail delivery notification lure, and a campaign themed with Windows 11 that delivered the JSSLoader malware.

News URL

https://threatpost.com/fin7s-liquor-lure-law-firm-backdoor/168086/

#backdoor #compromise #fin7