April 18, 2024 at 04:04PM
The FIN7 threat group recently conducted a spear-phishing attack on a major US-based automotive manufacturer, using a malicious URL to install the Anunak backdoor and gain initial access to high-level IT employee accounts. BlackBerry’s threat and research team halted the attack before ransomware deployment. FIN7 has expanded its targets beyond retail and hospitality to include defense, insurance, and transportation sectors. BlackBerry did not disclose the manufacturer’s name.
Key takeaways from the meeting notes:
– FIN7, a Russian APT group, also known as Carbon Spider, ELBRUS, and Sangria Tempest, carried out a spear-phishing campaign targeting a major US-based global automotive manufacturer.
– The attack was thwarted by BlackBerry’s threat and research team before the ransomware phase could be initiated.
– The attackers used a malicious URL to deceive IT employees with high admin-level rights, leveraging the Anunak backdoor to gain initial access to the organization’s systems.
– FIN7 has previously focused on the US retail, hospitality, and restaurant sectors but is now expanding its targets to include defense, insurance, and transportation sectors with a focus on larger entities who may be more willing to pay higher ransoms.
– BlackBerry did not disclose the specific identity of the targeted automotive manufacturer.