Fin7 cyber crime group

Cybersecurity researchers have discovered new infrastructure linked to a financially motivated threat actor known as FIN7.

The two clusters of potential FIN7 activity "indicate communications inbound to FIN7 infrastructure from IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia), respectively," Team Cymru said in a report published this week as part of a joint investigation with Silent Push and Stark Industries Solutions.

The findings build on a recent report from Silent Push, which found several Stark Industries IP addresses that are solely dedicated to hosting FIN7 infrastructure.

The latest analysis indicates that the hosts linked to the e-crime group were likely procured from one of Stark's resellers.

"Reseller programs are common in the hosting industry; many of the largest VPS (virtual private server) providers offer such services," the cybersecurity company said. "Customers procuring infrastructure via resellers generally must follow the terms of service outlined by the 'parent' entity."

FIN7 Cybercrime Group

What's more, Team Cymru said it was able to identify additional infrastructure linked to FIN7 activity, including four IP addresses assigned to Post Ltd, a broadband provider operating in Southern Russia and three IP addresses assigned to SmartApe, a cloud hosting provider operating from Estonia.

The first cluster has been observed conducting outbound communications with at least 15 Stark-assigned hosts previously discovered by Silent Push (e.g., 86.104.72[.]16) over the past 30 days. Likewise, the second cluster from Estonia has been identified as communicating with no less than 16 Stark-assigned hosts.


FIN7 Unveiled: A Deep Dive into Notorious Cybercrime Gang

The highly active threat group FIN7 has been continuously broadening their cybercrime horizons and recently added ransomware to its attack arsenal.

FIN7 group is known to hold a notorious status due to their achievement in deploying extensive backdoors in leveraging software supply chains, distributing malicious USB sticks, and cooperating with other groups.

PTI team obtained visibility into the inner workings of the FIN7 threat group and managed to gain information about their organizational structures, identities, attack vectors, infrastructures, proof-supported affiliations with other ransomware groups (such as DarkSide, who were behind the Colonial Pipeline attack in 2021), victim targeting, and other relevant observations. All of the findings are supported by translated conversations among the members of FIN7, including screenshots of their infrastructures.

You can download the full version of the report and the summary of the most important findings.


Comments

Post a Comment

Popular posts from this blog

July 2024 Patch Tuesday Unleashes a Torrent of Updates

to a pair of cowboy fighter pilots (ahem, naval aviators) in  Top Gun . Less well known, but still  Alive And Kicking  (like the song released the same year by Simple Minds), the TIFF image file format also was introduced that year by Aldus Corporation, now known as Adobe. This CVE addresses a critical, easily exploitable vulnerability specific to this 38-year-old file format. A specially-crafted, malicious TIFF file, uploaded to a vulnerable server, could have triggered the server that receives the file to execute malicious code embedded in the TIFF file. Patch your servers to take them out of the danger zone. CVE-2024-38032 – Microsoft Xbox Remote Code Execution Vulnerability Users of the Xbox gaming console who also happen to have a wireless adapter, and connect wirelessly to their local network, should beware of strangers lurking on their network who can attack these devices. The (so far) hypothetical threat is that someone who is connected to your wireless network ca...
Read more

CVE-2023-26369 Adobe acrobat update

Adobe's  Patch Tuesday update  for September 2023 comes with a patch for a critical actively exploited security flaw in Acrobat and Reader that could permit an attacker to execute malicious code on susceptible systems. The vulnerability, tracked as CVE-2023-26369, is rated 7.8 for severity on the CVSS scoring system and impacts both Windows and macOS versions of Acrobat DC, Acrobat Reader DC, Acrobat 2020, and Acrobat Reader 2020. Described as an out-of-bounds write, successful exploitation of the bug could lead to code execution by opening a specially crafted PDF document. Adobe did not disclose any additional details about the issue or the targeting involved. "Adobe is aware that CVE-2023-26369 has been exploited in the wild in limited attacks targeting Adobe Acrobat and Reader," the company  acknowledged  in an advisor CVE-2023-26369 affects the below versions - Acrobat DC (23.003.20284 and earlier versions) - Fixed in 23.006.20320 Acrobat Reader DC (23.003.20284 ...
Read more

US court holds Israeli spyware liable for hacking Meta’s WhatsApp

Image
Gujarat India NRI News Entertainment Sports Lifestyle & Fashion Health Business World Science & Technology VIDEO GUJARATI E-PAPER SEARCH Gujarat Samachar World US court holds Israeli spyware liable for hacking Meta’s WhatsApp Updated: Dec 22nd, 2024 A US court on Friday held in favour of tech giant WhatsApp in a lawsuit accusing Israel’s NSO Group Technologies Ltd of exploiting a bug in the messaging app to install spy software that allowed unauthorised surveillance. US District Judge Phyllis Hamilton in Oakland, California, granted a motion by WhatsApp and found NSO liable for hacking and breach of contract. According to the court document, “WhatsApp filed this lawsuit, alleging that defendants sent malware, using WhatsApp’s system, to approximately 1,400 mobile phones and devices designed to infect those devices to surveil the users of those phones and devices.”  The targets included journalists, human rights activists and dissidents. Among the 1,400 mobile phones th...
Read more