
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware
2021-08-25 13:00

A financially motivated cybercrime gang has breached and backdoored the network of a US financial organization with new malware dubbed Sardonic by the Bitdefender researchers who first spotted it.

Sardonic is a new C++-based backdoor the FIN8 threat actors deployed on targets' systems likely via social engineering or spear-phishing, two of the group's favorite attack methods.

Sardonic includes a plugin system designed to load and execute further malware payloads delivered as DLLs. During the attack against the US bank, the backdoor was deployed and executed on victims' systems as part of a three-stage process using a PowerShell script, a .NET loader, and downloader shellcode.

FIN8 operators also tried multiple times to install the Sardonic backdoor on Windows domain controllers to escalate privileges and move laterally through the organization's network.

Bitdefender urges organizations at risk of being targeted by FIN8 to be on alert and check their networks for known FIN8 indicators of compromise.

"FIN8 continues to strengthen its capabilities and malware delivery infrastructure. The highly skilled financial threat actor is known to take long breaks to refine tools and tactics to avoid detection before it strikes viable targets," Bitdefender's Cyber Threat Intelligence Lab researchers concluded.


News URL

https://www.bleepingcomputer.com/news/security/fin8-cybercrime-gang-backdoors-us-orgs-with-new-sardonic-malware/