FIN7 hackers create auto-attack platform to breach Exchange servers (Security News, December 2022)

The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size.
Each new entry is then scrutinized by FIN7's internal 'marketing' team, which adds comments on the Checkmarks platform listing the victim's current revenue, number of employees, domain, headquarters details, and other information that helps the group's pentesters determine whether the firm is worth the time and effort of a ransomware attack.
Prodaft says FIN7's Checkmarks platform has already been used to infiltrate 8,147 companies, primarily based in the United States, after scanning over 1.8 million targets.
In November 2022, Sentinel Labs uncovered evidence that connected the FIN7 group to the Black Basta ransomware gang, while earlier, in April 2022, Mandiant linked the Russian hackers to Darkside operations.
One notable detail from the logs is that FIN7 likes to maintain an SSH backdoor on extorted ransomware victims' networks even after ransoms are paid, either to sell access to other groups or to try a new attack themselves in the future.
FIN7's Checkmarks platform illustrates how threat actors are industrializing public exploits to perform wide-scale attacks with a global impact.