Security News > 2023 > May > Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims' networks.
"The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021.".
The FBI has warned U.S. companies of USB drive-by attacks coordinated by FIN7, targeting the U.S. defense industry with packages containing malicious USB devices designed to deploy ransomware.
FIN7 operators have also impersonated Best Buy in similar attacks with malicious flash drives via USPS to hotels, restaurants, and retail businesses, packages that also bundled teddy bears to trick the targets into lowering their guard.
Although some FIN7 members have been arrested over the years, the hacking group is still active and going strong, as evidenced by this new round of attacks reported by Microsoft.
In April 2022, FIN7 "Pen tester" Denys Iarmak was sentenced to 5 years in prison for network breaches and credit card theft attacks spanning at least two years.
News URL
Related news
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- Chinese hackers targeted sanctions office in Treasury attack (source)
- French govt contractor Atos denies Space Bears ransomware attack claims (source)
- Casio says data of 8,500 people exposed in October ransomware attack (source)
- Preventing the next ransomware attack with help from AI (source)
- Ransomware on ESXi: The mechanization of virtualized attacks (source)
- Hackers exploit critical Aviatrix Controller RCE flaw in attacks (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)