Security News > 2023 > May > Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims' networks.
"The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021.".
The FBI has warned U.S. companies of USB drive-by attacks coordinated by FIN7, targeting the U.S. defense industry with packages containing malicious USB devices designed to deploy ransomware.
FIN7 operators have also impersonated Best Buy in similar attacks with malicious flash drives via USPS to hotels, restaurants, and retail businesses, packages that also bundled teddy bears to trick the targets into lowering their guard.
Although some FIN7 members have been arrested over the years, the hacking group is still active and going strong, as evidenced by this new round of attacks reported by Microsoft.
In April 2022, FIN7 "Pen tester" Denys Iarmak was sentenced to 5 years in prison for network breaches and credit card theft attacks spanning at least two years.
News URL
Related news
- Microsoft still unsure how hackers stole MSA key in 2023 Exchange attack (source)
- Lazarus Hackers Exploited Windows Kernel Flaw as Zero-Day in Recent Attacks (source)
- CISA warns of Microsoft Streaming bug exploited in malware attacks (source)
- Hackers target FCC, crypto firms in advanced Okta phishing attacks (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Fidelity customers' financial info feared stolen in suspected ransomware attack (source)
- Alert: GhostSec and Stormous Launch Joint Ransomware Attacks in Over 15 Countries (source)
- Duvel says it has "more than enough" beer after ransomware attack (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)