Russia’s FIN7 is peddling its EDR-nerfing malware to ransomware gangs

July 18, 2024 at 09:50AM Russian cybercrime syndicate FIN7 has been selling its AvNeutralizer malware to various ransomware gangs. The custom security solution-disabling tool is marketed under different pseudonyms and is effective at evading numerous endpoint security products. Researchers have identified the use of the tool by different ransomware campaigns and highlighted the group’s continuous …

FIN7 Group Advertises Security-Bypassing Tool on Dark Web Forums

July 17, 2024 at 07:18AM Financially motivated threat actor FIN7 has been observed using multiple pseudonyms to promote AvNeutralizer, a tool used by ransomware groups. Known for sophisticated tactics, FIN7 has adapted its malware arsenal and set up front companies to recruit unwitting engineers. The group’s malvertising tactics and latest tool updates highlight its ongoing …

Security End-Run: ‘AuKill’ Shuts Down Windows-Reliant EDR Processes

July 17, 2024 at 06:10AM AuKill, a cybercrime tool by FIN7, is evolving to disrupt Windows processes guarded by endpoint detection and response tools. The collective has significantly enhanced its tool, attracting the attention of high-level ransomware groups. By targeting protected processes, AuKill aims to induce a denial-of-service condition, emphasizing the need for robust security solutions against …

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT

May 11, 2024 at 03:45AM FIN7, a financially motivated threat actor, has used malicious Google ads to imitate reputable brands, such as AnyDesk and Google Meet, to spread the NetSupport RAT. The group has evolved from targeting point-of-sale systems to launching ransomware campaigns and has expanded its malware arsenal. This activity has prompted Microsoft to …

FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor

April 18, 2024 at 10:12AM FIN7, a notorious cybercrime group, targeted the U.S. automotive industry through a spear-phishing campaign, deploying the Carbanak backdoor. The group has a history of financially motivated cybercrime and has evolved to conduct ransomware operations. The attack involved a sophisticated multi-stage process, but the infected system was removed early. Organizations are …

FIN7 targets American automaker’s IT staff in phishing attacks

April 17, 2024 at 04:44PM FIN7 targeted a U.S. car maker with spear-phishing emails to infect IT systems with the Anunak backdoor. The attack involved living-off-the-land binaries, scripts, and libraries and relied on a malicious URL impersonating legitimate software. The attack did not spread beyond the initial infected system. BlackBerry recommends defenses including MFA, training, …

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

December 26, 2023 at 02:33AM Cybersecurity firm NCC Group reported that the Carbanak banking malware has been updated to launch ransomware attacks using new tactics and distribution methods, including impersonating business-related software. The attacks have increased, with over 4,000 cases reported in 2023, targeting various sectors globally. Key ransomware families include LockBit, BlackCat, and Play. …

Black Basta ransomware made over $100 million from extortion

November 29, 2023 at 01:20PM Since April 2022, Black Basta, a Russia-linked ransomware gang, has obtained over $100 million from double extortion attacks on over 329 entities worldwide. Around 35% of its 90+ victims have paid ransoms, including multimillion-dollar settlements. The group may originate from the disbanded Conti gang or have FIN7 ties. Meeting …