AI ‘Nude Photo Generator’ Delivers Infostealers Instead of Images

October 3, 2024 at 02:53PM The FIN7 threat group is using artificial intelligence and social engineering in a provocative campaign, advertising a “DeepNude Generator” to trick users into downloading infostealing malware. It also targets corporate users with malvertising. FIN7’s sophisticated tactics demonstrate a persistent and evolving threat, requiring organizations to develop indicators of attack and …

FIN7 hackers launch deepfake nude “generator” sites to spread malware

October 2, 2024 at 04:05PM FIN7, a notorious APT hacking group, has launched fake AI-powered deepnude generator sites to spread malware. This Russian group is known for financial fraud and social engineering attacks. The network of fake deepnude sites lures in users with promises of generating explicit images, but actually spreads information-stealing malware. Other campaigns …

Researchers Uncover New Infrastructure Tied to FIN7 Cybercrime Group

August 19, 2024 at 01:51AM Cybersecurity researchers have uncovered new infrastructure associated with FIN7, a financially motivated threat actor. The identified clusters of potential FIN7 activity involve communication with IP addresses assigned to Post Ltd (Russia) and SmartApe (Estonia). The analysis also reveals additional infrastructure linked to FIN7, including IP addresses from Post Ltd and …

Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs

July 18, 2024 at 09:50AM Russian cybercrime syndicate FIN7 has been selling its AvNeutralizer malware to various ransomware gangs. The custom security solution-disabling tool is marketed under different pseudonyms and is effective at evading numerous endpoint security products. Researchers have identified the use of the tool by different ransomware campaigns and highlighted the group’s continuous …

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

July 17, 2024 at 07:18AM Financially motivated threat actor FIN7 has been observed using multiple pseudonyms to promote AvNeutralizer, a tool used by ransomware groups. Known for sophisticated tactics, FIN7 has adapted its malware arsenal and set up front companies to recruit unwitting engineers. The group’s malvertising tactics and latest tool updates highlight its ongoing …

Security End-Run: ‘AuKill’ Shuts Down Windows-Reliant EDR Processes

July 17, 2024 at 06:10AM AuKill, a cybercrime tool by FIN7, is evolving to disrupt Windows processes guarded by endpoint detection and response tools. The collective has significantly enhanced their tool, attracting high-level ransomware groups’ attention. By targeting protected processes, AuKill aims to induce a denial-of-service condition, emphasizing the need for robust security solutions against …

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

April 18, 2024 at 10:12AM FIN7, a notorious cybercrime group, targeted the U.S. automotive industry through a spear-phishing campaign, deploying the Carbanak backdoor. The group has a history of financially motivated cybercrime and has evolved to conducting ransomware operations. The attack involved a sophisticated multi-stage process, but the infected system was removed early. Organizations are …

FIN7 targets American automaker’s IT staff in phishing attacks

April 17, 2024 at 04:44PM FIN7 targeted a U.S. car maker with spear-phishing emails to infect IT systems with the Anunak backdoor. The attack involved living-off-the-land binaries, scripts, and libraries and relied on a malicious URL impersonating legitimate software. The attack did not spread beyond the initial infected system. BlackBerry recommends defenses including MFA, training, …

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

December 26, 2023 at 02:33AM Cybersecurity firm NCC Group reported that the Carbanak banking malware has been updated to launch ransomware attacks using new tactics and distribution methods, including impersonating business-related software. The attacks have increased, with over 4,000 cases reported in 2023, targeting various sectors globally. Key ransomware families include LockBit, BlackCat, and Play. …