Researchers Uncover FIN8's New Backdoor Targeting Financial Institutions (Security News, August 2021)
A financially motivated threat actor known for targeting the retail, hospitality, and entertainment industries has been observed deploying a previously undocumented backdoor on compromised systems, a sign that the operators keep retooling their malware arsenal to evade detection and stay under the radar.
The malware has been named "Sardonic" by Romanian cybersecurity company Bitdefender, which encountered it during a forensic investigation following an unsuccessful FIN8 attack on an unnamed financial institution in the U.S. The backdoor is said to be under active development. "Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," Bitdefender researchers Eduard Budaca and Victor Vrabie said in a report shared with The Hacker News.
Since first appearing in January 2016, FIN8 has relied on techniques such as spear-phishing and on malware families such as PUNCHTRACK and BADHATCH to steal payment card data from point-of-sale (POS) systems.
In the incident analyzed by Bitdefender, the attackers are said to have gained a foothold in the target network and conducted detailed reconnaissance before moving laterally and escalating privileges in order to deploy the backdoor. The attempts to reach domain controllers were stopped by command-line blocking: "There were multiple attempts to deploy the Sardonic backdoor on domain controllers in order to continue with privilege escalation and lateral movement, but the malicious command lines were blocked," the researchers said.
The new backdoor is a further sign of FIN8 changing its tactics by strengthening both its tooling and its malware delivery infrastructure.
To reduce the risk from financial malware of this kind, organizations are advised to segment POS networks from those used by employees or guests, train staff to recognize phishing emails, and tune email security controls to filter suspicious attachments.