In 2018, three Ukrainian citizens described as key figures in FIN7 were arrested. Nevertheless, after analyzing malware operations that used the tactics, techniques and procedures (TTPs) typical of FIN7 attacks in 2017-2018, Kaspersky Lab researchers concluded that the group continues its activity.
The researchers also found similarities with campaigns conducted by other groups that borrowed or copied TTPs from FIN7.
During the last year the group continued attacking organizations with carefully prepared, targeted phishing. Its distinguishing trait was its mastery of social engineering techniques. In some cases, before sending the letter to the victim, the group exchanged correspondence with them for several weeks.
“The emails were efficient social-engineering attempts that appealed to a vast number of human emotions (fear, stress, anger, etc.) to elicit a response from their victims,” the experts write.
One of the domains used in the phishing campaigns in 2018 contained nearly 130 user names, which led the Kaspersky Lab experts to conclude that the attackers had hacked 130 companies.
The list of recent FIN7 victims includes banks in Europe and Central America. In the past year the group stole approximately €13 million from Bank of Valletta in Malta.
FIN7's arsenal includes the JavaScript backdoor Griffin and Cobalt/Meterpreter malware, and in recent attacks the group used the well-known toolset PowerShell Empire.
In September 2018, right after three group members were arrested, experts discovered a new botnet, AveMaria, in the group's arsenal. AveMaria is a classic bot for stealing a variety of credentials from browsers, messengers, email clients and so on. In addition, the malware can act as a keylogger. Since the beginning of the year, Kaspersky Lab experts have received more than 1300 AveMaria samples and extracted 130 C&C servers.
During 2018, Europol and the DoJ announced the arrest of the leader of the FIN7 and Carbanak/CobaltGoblin cybercrime groups. It was believed that the arrest of the group leader would have an impact on the group's operations. However, recent data seems to indicate that the attacks have continued without significant drawbacks. One may say CobaltGoblin and FIN7 have even extended the number of groups operating under their umbrella. It can be argued, with varying levels of confidence, that there are several interconnected groups using very similar toolkits and the same infrastructure to conduct their cyberattacks.