FIN7 activities detailed by Prodaft Cyber researchers

An analysis by Prodaft Cyber of FIN7, a Russian advanced persistent threat (APT) group known for ransomware, espionage, and creating fake infosec firms to deceive security experts, has revealed details about the group’s mode of operation.

The group’s leader, Alex, lives in Russia, while the majority of the pen-testers and developers live in Ukraine, according to the researchers. Furthermore, the group has compromised over 8,147 victims from the United States, China, Germany, Canada, Italy, and the United Kingdom.

The Prodaft report uncovered links between FIN7 and other threat actors such as DarkSide, REvil, and LockBit. FIN7’s intrusion techniques, according to the report, have progressed past conventional social engineering to include infected USB drives, software supply chain compromise, and the use of stolen credentials obtained from underground markets. To gain a foothold in target environments, it also exploits several Microsoft Exchange flaws, including CVE-2020-0688, CVE-2021-42321, ProxyLogon, and ProxyShell.

The group identifies high-profit firms and organizations and monitors traffic to their websites. Data is stolen, files are encrypted, and the ransom is calculated based on the company’s revenue. As part of its illegal money-making scheme, it also resells access to other ransomware groups and re-targets victims, underscoring its attempts to minimize effort and maximize profits.

FIN7’s other tools include Checkmarks, designed to automate mass scans for vulnerable Microsoft Exchange servers and other public-facing web applications, and Cobalt Strike for post-exploitation.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
