Security News > 2022 > December > FIN7 hackers create auto-attack platform to breach Exchange servers
The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Next, FIN7's internal 'marketing' team scrutinizes new entries and adds comments on the Checkmarks platform to list victims' current revenue, number of employees, domain, headquarters details, and other information that helps pentesters determine if the firm is worth the time and effort of a ransomware attack.
Prodaft says FIN7's Checkmarks platform has already been used to infiltrate 8,147 companies, primarily based in the United States, after scanning over 1.8 million targets.
In November 2022, Sentinel Labs uncovered evidence that connected the FIN7 group to the Black Basta ransomware gang, while earlier, in April 2022, Mandiant linked the Russian hackers to Darkside operations.
One notable detail from these logs is that FIN7 likes to maintain a SSH backdoor on extorted ransomware victims' networks even after ransoms are paid, either to sell access to other groups or to try a new attack themselves in the future.
FIN7's Checkmarks platform illustrates how threat actors are industrializing public exploits to perform wide-scale attacks with a global impact.
News URL
Related news
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers Exploit Misconfigured YARN, Docker, Confluence, Redis Servers for Crypto Mining (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Chinese Earth Krahang hackers breach 70 orgs in 23 countries (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)