
FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
2024-07-17 10:33

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums, likely to advertise a tool known to be used by ransomware groups like Black Basta.

"AvNeutralizer, a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups," cybersecurity company SentinelOne said in a report shared with The Hacker News.

Over the years, FIN7 has demonstrated a high level of adaptability, sophistication, and technical expertise by retooling its malware arsenal - POWERTRASH, DICELOADER, and a penetration testing tool called Core Impact that's delivered via the POWERTRASH loader - notwithstanding the arrests and sentencing of some of its members.

The latest findings from SentinelOne show that FIN7 has not only used several personas on cybercrime forums to promote the sale of AvNeutralizer, but has also improved the tool with new capabilities.

SentinelLabs researcher Antonio Cocomazzi told The Hacker News that the advertisement of AvNeutralizer on underground forums shouldn't be treated as a new malware-as-a-service tactic adopted by FIN7 without additional evidence.

"Historically, FIN7 has used underground marketplaces to generate revenue. For example, the DoJ reported that since 2015, FIN7 successfully stole data for more than 16 million payment cards, many of which were sold on underground marketplaces. While this was more common in the pre-ransomware era, the current advertisement of AvNeutralizer could signal a shift or expansion in their strategy."


News URL

https://thehackernews.com/2024/07/fin7-group-advertises-security.html