Security News > 2023 > April > FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks
A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews.
The latest intrusion wave, spotted by IBM Security X-Force two months ago, involves the use of Dave Loader, a crypter previously attributed to the Conti group, to deploy the Domino backdoor.
Domino's potential connections to FIN7 comes from source code overlaps with DICELOADER, a time-tested malware family attributed to the group.
Another crucial link bridging Domino to FIN7 comes from December 2022 that leveraged another loader called NewWorldOrder Loader to deliver both the Domino and Carbanak backdoors.
In November 2022, Microsoft revealed intrusions mounted by a threat actor known as DEV-0569 that leveraged BATLOADER malware to deliver Vidar and Cobalt Strike, the latter of which eventually facilitated human-operated ransomware attacks distributing Royal ransomware.
"The use of malware with ties to multiple groups in a single campaign - such as Dave Loader, Domino Backdoor and Project Nemesis Infostealer - highlights the complexity involved in tracking threat actors but also provides insight into how and with whom they operate," Hammond concluded.
News URL
https://thehackernews.com/2023/04/fin7-and-ex-conti-cybercrime-gangs-join.html
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Iranian Hackers Use "Dream Job" Lures to Deploy SnailResin Malware in Aerospace Attacks (source)
- Iranian Hackers Deploy WezRat Malware in Attacks Targeting Israeli Organizations (source)
- New IOCONTROL malware used in critical infrastructure attacks (source)
- FBI spots HiatusRAT malware attacks targeting web cameras, DVRs (source)
- Rspack npm Packages Compromised with Crypto Mining Malware in Supply Chain Attack (source)