home.social

#fin7 — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #fin7, aggregated by home.social.

  1. One Step Ahead in Cyber Hide-and-Seek: Automating Malicious Infrastructure Discovery With Graph Neural Networks
    #FIN7
    unit42.paloaltonetworks.com/gr

  2. The Russian cybercrime group FIN7 ran a network of fake AI undressing sites that delivered credential stealing malware to those who uploaded pictures. I gotta say, this is one group of cybercrime victims that I don't feel sorry for.

    silentpush.com/blog/fin7-malwa

    #FIN7 #Russia #Cybercrime #NetSupport #NetSupportRAT #RAT #Malware #CredentialTheft #AI #Deepfake #Deepfakes #DeepNude #DeepNueds #SilentPush

  3. Additionally, our report takes a look at landing pages impersonating popular software websites, masquerading malware as legitimate installers.

    Multiple intrusion sets like #FIN7 and #BlackCat affiliates used this distribution technique.

  4. Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) go.onapsis.com/threat-report/c

    #SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

  5. Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) go.onapsis.com/threat-report/c

    #SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

  6. Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) go.onapsis.com/threat-report/c

    #SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

  7. Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) go.onapsis.com/threat-report/c

    #SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

  8. Onapsis and Flashpoint produced a 29 report on the cyber threat landscape for SAP applications over the past 4 years. SAP is the world's largest provider of enterprise application software. The report highlights the material risk of SAP ransomware attacks and the growing maturity of cybercriminal capabilities. Their appendices at the bottom list known SAP vulnerabilities (if they're on CISA's Known Exploited Vulnerabilities (KEV) Catalog), as well as MITRE ATT&CK techniques associated with SAP exploitation, and threat actors (financially motivated and ransomware groups) targeting SAP-using organizations. 🔗 (PDF) go.onapsis.com/threat-report/c

    #SAP #vulnerability #cybercrime #threatintel #FIN13 #CobaltSpider #FIN7 #BlackCat #AlphV #BianLian #BlackBasta

  9. BlackBerry reports on a spear-phishing campaign in late 2023 by the financially motivated FIN7 targeting a large U.S. automotive manufacturer. They targeted IT department employees with admin rights using a free IP scanning tool, to deloy Anunak backdoor. FIN7 performed living off the land binaries, scripts and libraries (lolbas). MITRE ATT&CK TTPs and IOC provided. 🔗 blogs.blackberry.com/en/2024/0

    #FIN7 #threatintel #cybercrime #IOC

  10. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  11. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  12. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  13. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  14. Another week, another newsletter - catch up on the week's infosec news here:

    opalsec.substack.com/p/soc-gou

    Researchers have found that nearly two years on, 2 in 3 installs of #Apache #Superset are still using default Flask Secret Keys - a configuration flaw which would allow an attacker to forge session cookies and access said servers with full administrative privileges.

    #Kritec is a commodity #skimmer found installed on compromised #Magecart sites, with its code heavily obfuscated and customised to match the site's aesthetic in order to con users out of credit card details.

    #FIN7 look to be popping instances of the #Veeam backup software that are unpatched for a recent vulnerability; a revised #ViperSoftX #infostealer now targets #1password and #keepass password vaults, and #TA505 deliver a new infostealer through a #GoogleAds campaign

    #LockBit & #CL0P ransomware affiliates have been abusing a month-old vulnerability in the #PaperCut print management software to drop ransomware. With the cat out of the bag, security researchers have decided now is a great time to drop a PoC exploit on Github - I mean, why not let the skiddies get in on the action too, right?

    The #blueteam have some great research worth reading on #Smishing via #AWS; detections for #SliverC2 and different implementations of #PsExec, as well as #Sigma integration for #SentinelOne and a #KQL hack for monitoring LOLDrivers.

    Have a great week ahead folks, I hope this newsletter proves helpful!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #newsletter #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #affiliate #dfir #soc #threatintel #threatintelligence #threathunting #detection #threatdetection #detectionengineering #flask #python #fraud #malvertising #clop #PoC #exploit #securityresearch #LOLBAS #LOLBIN #BYOVD

  15. It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:

    opalsec.substack.com/p/soc-gou

    Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

    #Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

    There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

    The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

    TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

    The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

    The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

    This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

  16. It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:

    opalsec.substack.com/p/soc-gou

    Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

    #Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

    There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

    The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

    TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

    The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

    The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

    This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

  17. It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:

    opalsec.substack.com/p/soc-gou

    Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

    #Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

    There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

    The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

    TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

    The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

    The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

    This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

  18. It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:

    opalsec.substack.com/p/soc-gou

    Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

    #Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

    There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

    The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

    TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

    The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

    The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

    This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

  19. It's been a heck of a week, with tonnes of great research and tooling that I'm sure you're going to get a kick out of - check out our wrap-up for all the news!:

    opalsec.substack.com/p/soc-gou

    Kaspersky researchers shone a light on the Dark Web trade in Google Play Loaders - a service to help inject malware into legitimate, and supposedly vetted apps, with guarantees of >1 week up-time and the option to boost your spread with targeted Ads.

    #Nokoyawa ransomware have clearly got some talent on their team, having abused a #CLFS 0-day prior to Microsoft patching it last week - one of 5 different exploits they've used, mind you - and they appear to have a new, distinct ransomware strain in rotation, too.

    There's heaps more great threat reporting, including a report that #FIN7 and former #Conti (#FIN12/#WizardSpider) members are collaborating on a new backdoor, and a crypto-mining campaign that may be the canary in the coal mine, indicating broader uptake of BYOVD and IPFS by low-level operators.

    The #QueueJumper vulnerability from last week looks primed to explode in coming days, with a no-fix vulnerability in Microsoft Intune capping off a lousy week for Windows admins struggling to keep their networks secure.

    TOOLING. Ooooh boy, this was a good week for tooling and tradecraft, ladies and gentlemen.

    The #redteam have a new port of the SharpHound AD enumeration tool for Cobalt Strike; a great reference piece on leveraging stolen Office tokens to bypass MFA and access cloud workloads, and a list of keywords to avoid when crafting stealthy PowerShell scripts.

    The #blueteam have a script to help tweak VM settings to circumvent malware anti-analysis checks; Procmon for macOS, and a lightweight bastion host to help redirect and record traffic sent to honeypots in your network.

    This was a fun one to write up, with heaps of interesting reads and takeaways to be had. Get amongst it!

    opalsec.substack.com/p/soc-gou

    #infosec #cyber #news #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #vulnerability #vulnerabilities #malware #ransomware #dfir #soc #threatintel #threatintelligence #darkweb #microsoft #azure #mfa #mfabypass #cobaltstrike #bloodhound #sharphound #byovd #ipfs #intune #GooglePlay #Android #zeroday #0day

  20. From #THN: "An exhaustive analysis of #FIN7 has unmasked the #cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.

    It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct #ransomware #DarkSide, #REvil, and #LockBit families.

    The highly active threat group, also known as #Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.
    thehackernews.com/2022/12/fin7

  21. From #THN: "An exhaustive analysis of #FIN7 has unmasked the #cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.

    It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct #ransomware #DarkSide, #REvil, and #LockBit families.

    The highly active threat group, also known as #Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.
    thehackernews.com/2022/12/fin7

  22. From #THN: "An exhaustive analysis of #FIN7 has unmasked the #cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.

    It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct #ransomware #DarkSide, #REvil, and #LockBit families.

    The highly active threat group, also known as #Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.
    thehackernews.com/2022/12/fin7

  23. From #THN: "An exhaustive analysis of #FIN7 has unmasked the #cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks.

    It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct #ransomware #DarkSide, #REvil, and #LockBit families.

    The highly active threat group, also known as #Carbanak, is known for employing an extensive arsenal of tools and tactics to expand its "cybercrime horizons," including adding ransomware to its playbook and setting up fake security companies to lure researchers into conducting ransomware attacks under the guise of penetration testing.
    thehackernews.com/2022/12/fin7

  24. Wow. This is an absolutely fascinating read by #Prodaft about #FIN7 and #ThreatIntel well worth the name.

    I encourage everyone to take the time to browse and read this FREE report.

    prodaft.com/resource/detail/fi