Security News > 2023 > July > FIN8 deploys ALPHV ransomware using Sardonic malware variant
A financially motivated cybercrime gang has been observed deploying BlackCat ransomware payloads on networks backdoored using a revamped Sardonic malware version.
While their attacks' end goal revolves around stealing payment card data from Point-of-Sale systems, FIN8 has expanded from point-of-sale to ransomware attacks to maximize profits.
Six months later, in January 2022, White Rabbit ransomware was also linked to FIN8 after researchers discovered links to the gang's infrastructure when analyzing the ransomware's deployment stage.
The Sardonic backdoor was also used during the White Rabbit ransomware attacks, further linking them to FIN8.
In a more recent development, Symantec also spotted FIN8 hackers deploying BlackCat ransomware in the December 2022 attacks where the new Sardonic malware variant was used.
FIN8 cybercrime gang backdoors US orgs with new Sardonic malware.