Security News

FIN7 Deploys Anubis Backdoor to Hijack Windows Systems via Compromised SharePoint Sites
2025-04-02 06:52

The financially motivated threat actor known as FIN7 has been linked to a Python-based backdoor called Anubis (not to be confused with an Android banking trojan of the same name) that can grant...

FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations
2025-03-07 14:15

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous...

FIN7 hackers launch deepfake nude “generator” sites to spread malware
2024-10-02 20:01

The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. [...]

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group
2024-08-19 05:43

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7. The two clusters of potential FIN7 activity "indicate communications...

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs
2024-07-18 13:40

Prolific Russian cybercrime syndicate FIN7 is using various pseudonyms to sell its custom security solution-disabling malware to different ransomware gangs. AvNeutralizer malware was previously thought to be solely linked to the Black Basta group, but fresh research has uncovered various underground forum listings of the malicious software now believed to be created by FIN7 operatives.

FIN7 sells improved EDR killer tool
2024-07-18 12:32

The cybercrime-focused enterprise known as FIN7 has come up with yet another trick to assure the effectiveness of its "EDR killer" tool, dubbed AvNeutralizer by researchers. They spotted the tool being offered for sale on underground forums by several sellers/personas, which they suspect to be part of the FIN7 cluster.

Notorious FIN7 hackers sell EDR killer to other threat actors
2024-07-17 21:11

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. The same threat actors are also likely tied to the BlackCat ransomware operation, which recently conducted an exit scam after stealing a UnitedHealth ransom payment.

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums
2024-07-17 10:33

The financially motivated threat actor known as FIN7 has been observed using multiple pseudonyms across several underground forums to likely advertise a tool known to be used by ransomware groups like Black Basta. "AvNeutralizer, a highly specialized tool developed by FIN7 to tamper with security solutions, has been marketed in the criminal underground and used by multiple ransomware groups," cybersecurity company SentinelOne said in a report shared with The Hacker News.

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT
2024-05-11 07:29

The financially motivated threat actor known as FIN7 has been observed leveraging malicious Google ads spoofing legitimate brands as a means to deliver MSIX installers that culminate in the...

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
2024-04-18 13:58

The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak (aka Anunak). "FIN7...