Security News

Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
2023-05-20 06:49

The notorious cybercrime group known as FIN7 has been observed deploying Cl0p ransomware, marking the threat actor's first ransomware campaign since late 2021. "They then use OpenSSH and Impacket to move laterally and deploy Clop ransomware."

Microsoft: Notorious FIN7 hackers return in Clop ransomware attacks
2023-05-19 17:06

A financially motivated cybercriminal group known as FIN7 resurfaced last month, with Microsoft threat analysts linking it to attacks where the end goal was the deployment of Clop ransomware payloads on victims' networks. "The group was observed deploying the Clop ransomware in opportunistic attacks in April 2023, its first ransomware campaign since late 2021."

Ex-Conti members and FIN7 devs team up to push new Domino malware
2023-04-17 20:36

Ex-Conti ransomware members have teamed up with the FIN7 threat actors to distribute a new malware family named 'Domino' in attacks on corporate networks. Domino is a relatively new malware family consisting of two components, a backdoor named 'Domino Backdoor,' which in turn drops a 'Domino Loader' that injects an info-stealing malware DLL into the memory of another process.

FIN7 and Ex-Conti Cybercrime Gangs Join Forces in Domino Malware Attacks
2023-04-17 13:50

A new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to use by the members of the now-defunct Conti ransomware gang, indicating collaboration between the two crews. The latest intrusion wave, spotted by IBM Security X-Force two months ago, involves the use of Dave Loader, a crypter previously attributed to the Conti group, to deploy the Domino backdoor.

FIN7 threat actor updated its ransomware activity
2022-12-27 17:53

FIN7 is a threat actor that mostly focuses on stealing financial information, but it also sells sensitive information stolen from companies. FIN7 started using ransomware in 2020 as an affiliate of a few of the most active ransomware groups: Sodinokibi, REvil, LockBit and DarkSide.

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape
2022-12-22 13:13

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. The highly active threat group, also known as Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.

FIN7 hackers create auto-attack platform to breach Exchange servers
2022-12-22 13:00

The notorious FIN7 hacking group uses an automated attack system that exploits Microsoft Exchange and SQL injection vulnerabilities to breach corporate networks, steal data, and select targets for ransomware attacks based on financial size. Next, FIN7's internal 'marketing' team scrutinizes new entries and adds comments on the Checkmarks platform to list victims' current revenue, number of employees, domain, headquarters details, and other information that helps pentesters determine if the firm is worth the time and effort of a ransomware attack.

Researchers Find Links b/w Black Basta Ransomware and FIN7 Hackers
2022-11-03 17:40

A new analysis of tools put to use by the Black Basta ransomware operation has identified ties between the threat actor and the FIN7 group. This link "could suggest either that Black Basta and FIN7 maintain a special relationship or that one or more individuals belong to both groups," cybersecurity firm SentinelOne said in a technical write-up shared with The Hacker News.

Black Basta ransomware gang linked to the FIN7 hacking group
2022-11-03 10:00

Security researchers at Sentinel Labs have uncovered evidence that links the Black Basta ransomware gang to the financially motivated hacking group FIN7, also known as "Carbanak." When analyzing tools used by the ransomware gang in attacks, the researchers found signs that a developer for FIN7 has also authored the EDR evasion tools used exclusively by Black Basta since June 2022.

FIN7 hacking group returns with new methods and members, what should you look out for?
2022-04-08 12:00

A report from Mandiant details the resurfacing of the FIN7 hacking group and the collective's use of new hacking tools along with an expanding roster of attackers.