Security News > 2021 > August > FIN8 Targets US Bank With New ‘Sardonic’ Backdoor
The financially motivated FIN8 cybergang used a brand-new backdoor - dubbed Sardonic by the Bitdender researchers who first spotted it - in attempted breaches of networks belonging to two unidentified U.S. financial organizations.
It's a nimble newcomer, researchers wrote: "The Sardonic backdoor is extremely potent and has a wide range of capabilities that help the threat actor leverage new malware on the fly without updating components," according to Bitdefender's report.
True to form, in March, Bitdefender spotted FIN8 re-emerging after a period of relative quiet with a new version of the BadHatch backdoor to compromise companies in the chemical, insurance, retail and technology industries.
Besides BadHatch - a backdoor that provides file transfer and reverse-shell functionality - FIN8's well-stocked arsenal has included malware variants such as ShellTea, a backdoor also known as PunchBuggy, and the memory-scraper tool PoSlurp/PunchTrack.
Earlier this week, Bitdefender published a deep dive describing a forensic investigation that led to the discovery of the new backdoor.
During one of the attacks - a recent attack against an unidentified financial institution in the U.S. - FIN8 used a three-stage process to deploy and execute the Sardonic backdoor: A PowerShell script, a.NET loader and downloader shellcode.
News URL
https://threatpost.com/fin8-bank-sardonic-backdoor/168982/