Notorious FIN7 hackers sell EDR killer to other threat actors
2024-07-17 21:11

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks.

The same threat actors are also likely tied to the BlackCat ransomware operation, which recently conducted an exit scam after stealing a UnitedHealth ransom payment.

FIN7 hackers are also tracked under other names, including Sangria Tempest, Carbon Spider, and the Carbanak Group.

In a new report by SentinelOne, researchers say that one of the custom tools created by FIN7 is "AvNeutralizer", a tool used to kill security software that was first spotted in attacks by the BlackBasta ransomware operation in 2022.

Further research revealed that threat actors operating under the aliases "Goodsoft", "Lefroggy", "KillerAV" and "Stupor" had been selling an "AV Killer" on Russian-speaking hacking forums since 2022 for prices ranging from $4,000 to $15,000.

The threat actors claimed that this tool could be used to kill any antivirus/EDR software, including Windows Defender and products from Sophos, SentinelOne, Panda, Elastic, and Symantec.


News URL

https://www.bleepingcomputer.com/news/security/notorious-fin7-hackers-sell-edr-killer-to-other-threat-actors/