Security News > 2022 > December > FIN7 hackers create auto-attack platform to breach Exchange servers
The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Next, FIN7's internal 'marketing' team scrutinizes new entries and adds comments on the Checkmarks platform to list victims' current revenue, number of employees, domain, headquarters details, and other information that helps pentesters determine if the firm is worth the time and effort of a ransomware attack.
Prodaft says FIN7's Checkmarks platform has already been used to infiltrate 8,147 companies, primarily based in the United States, after scanning over 1.8 million targets.
In November 2022, Sentinel Labs uncovered evidence that connected the FIN7 group to the Black Basta ransomware gang, while earlier, in April 2022, Mandiant linked the Russian hackers to Darkside operations.
One notable detail from these logs is that FIN7 likes to maintain a SSH backdoor on extorted ransomware victims' networks even after ransoms are paid, either to sell access to other groups or to try a new attack themselves in the future.
FIN7's Checkmarks platform illustrates how threat actors are industrializing public exploits to perform wide-scale attacks with a global impact.
News URL
Related news
- Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack' (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- North Korean govt hackers linked to Play ransomware attack (source)
- Schneider Electric confirms dev platform breach after hacker steals data (source)
- Nokia investigates breach after hacker claims to steal source code (source)
- Canadian Suspect Arrested Over Snowflake Customer Breach and Extortion Attacks (source)
- Hackers increasingly use Winos4.0 post-exploitation kit in attacks (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)