Security News

FIN7 crime-gang pen tester headed to US prison for five years
2022-04-07 23:06

Another member of notorious cybercrime ring FIN7 is headed to jail after the gang breached major companies' networks across the US and stole more than $1 billion from these businesses' customers. Ukrainian-born Denys Iarmak, 32, who worked as a penetration tester for the criminal group, was sentenced to five years in prison for his affiliation with FIN7.

FIN7 hacking group 'pen tester' sentenced to 5 years in prison
2022-04-07 21:00

"Denys Iarmak, a Ukrainian member and a"pen tester for the FIN7 financially-motivated hacking group, was sentenced on Thursday to 5 years in prison for breaching victims' networks and stealing credit card information for roughly two years, between November 2016 and November 2018. Iarmak is the third FIN7 member sentenced in the US after Fedir Hladyr received ten years in prison on April 16, 2021, and Andrii Kolpakov got seven years on June 24, 2021, following their 2018 arrest.

FIN7 Hackers Leveraging Password Reuse and Software Supply Chain Attacks
2022-04-05 07:50

The notorious cybercrime group known as FIN7 has diversified its initial access vectors to incorporate software supply chain compromise and the use of stolen credentials, new research has revealed. "Data theft extortion or ransomware deployment following FIN7-attributed activity at multiple organizations, as well as technical overlaps, suggests that FIN7 actors have been associated with various ransomware operations over time," incident response firm Mandiant said in a Monday analysis.

FIN7 hackers evolve toolset, work with multiple ransomware gangs
2022-04-04 14:02

A rich new set of FIN7 indicators of compromise based on the analysis of novel malware samples has been published by researchers at Mandiant, who continue to observe and track the group's operations. In some intrusions, FIN7 was observed tweaking the functionality and adding new features to PowerPlant, and deploying the new version in the middle of the operation.

FIN7 Mails Malicious USB Sticks to Drop Ransomware
2022-01-11 17:06

Ransomware gangs are mailing malicious USB drives, posing as the U.S. Department of Health and Human Services and/or Amazon to target the transportation, insurance, and defense industries for ransomware infection, the FBI warned on Friday. FIN7 got into the ransomware/data exfiltration game, with its activities involving REvil or Ryuk as the payload. The FBI said that over the past several months, FIN7 has mailed the malicious USB devices to US companies, in hopes that somebody would plug in the drives, infect systems with malware and thus set them up for future ransomware attacks.

FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
2021-10-22 19:59

It's not the first time FIN7 has masqueraded as a legitimate security firm, but this latest gambit showcases its continued expansion into the ransomware area, researchers noted. It added that with willing accomplices, FIN7 would be forced to share a percentage of ransom payments - but "FIN7's fake company scheme enables the operators of FIN7 to obtain the talent that the group needs to carry out its criminal activities, while simultaneously retaining a larger share of the profits."

FIN7 tries to trick pentesters into launching ransomware attacks
2021-10-21 16:24

The FIN7 hacking group is attempting to join the highly profitable ransomware space by creating fake cybersecurity companies that conduct network attacks under the guise of pentesting. The Gemini researchers found that FIN7 was offering between $800 and $1,200 per month to recruit C++, PHP, and Python programmers, Windows system administrators, and reverse engineering specialists by following tips from an unnamed source.

FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor
2021-09-06 03:16

A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale service provider located in the U.S. The attacks, which are believed to have taken place between late June and late July 2021, have been attributed with "moderate confidence" to a financially motivated threat actor dubbed FIN7, according to researchers from cybersecurity firm Anomali. "The group's goal appears to have been to deliver a variation of a JavaScript backdoor used by FIN7 since at least 2018."

FIN7 Capitalizes on Windows 11 Release in Latest Gambit
2021-09-03 16:07

The FIN7 financial cybercrime gang is back, delivering JavaScript backdoors using Word documents themed around the next version of Windows. That's according to researchers at Anomali, who observed a recent campaign from the group that leveraged six different docs, all referencing "Windows 11 Alpha" - the "Insider Preview" version of the upcoming Windows 11 operating system from Microsoft.

FIN7’s Liquor Lure Compromises Law Firm with Backdoor
2021-07-23 16:24

Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. According to eSentire's Threat Response Unit, the successful breach for FIN7 was part of a wider, non-targeted email campaign.