FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks (Security News, April 2023)
A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews.
The latest intrusion wave, spotted by IBM Security X-Force two months ago, involves the use of Dave Loader, a crypter previously attributed to the Conti group, to deploy the Domino backdoor.
Domino's potential connection to FIN7 comes from source code overlaps with DICELOADER, a time-tested malware family attributed to the group.
Another crucial link bridging Domino to FIN7 comes from a December 2022 campaign that leveraged another loader, called NewWorldOrder Loader, to deliver both the Domino and Carbanak backdoors.
In November 2022, Microsoft revealed intrusions mounted by a threat actor known as DEV-0569 that leveraged BATLOADER malware to deliver Vidar and Cobalt Strike, the latter of which eventually facilitated human-operated ransomware attacks distributing Royal ransomware.
"The use of malware with ties to multiple groups in a single campaign - such as Dave Loader, Domino Backdoor and Project Nemesis Infostealer - highlights the complexity involved in tracking threat actors but also provides insight into how and with whom they operate," Hammond concluded.
News URL
https://thehackernews.com/2023/04/fin7-and-ex-conti-cybercrime-gangs-join.html