The hacker group known as Fin7 has been around for a long time. It is believed to be behind attacks targeting the US retail, restaurant and hospitality sectors since mid-2015, working closely with the famous Carbanak group and sharing tools and methods with it.

In 2018, alleged leaders of the organization were arrested, but unfortunately in 2019 Kaspersky Lab researchers detected a series of new attacks by the same groups using the Griffon malware. According to company experts, Fin7 could have expanded the number of groups operating under its umbrella, increased the sophistication of its methods, and even positioned itself as a legitimate security provider to recruit professional employees and trick them into helping it steal financial assets.

In December 2020, FIN7 began a campaign to distribute a tool called JSSLoader, considered a remote access Trojan (RAT) with multiple capabilities for capturing and exfiltrating confidential information. The attack vector used by the group was e-mail: messages with themes designed to capture users' attention, containing links to download malicious files from a private SharePoint repository.

The downloaded files were Visual Basic Script (VBS) executables that download a JSSLoader module, store it in the %temp% directory and execute it through a scheduled task created on the computer. In addition, it was observed that this RAT uses a PowerShell script called DiceLoader to download Cobalt Strike, a tool used by cybercriminals to exploit vulnerabilities in a system in order to gain access to a target network. Fin7 is undoubtedly active, and care must be taken especially in the business sector, since the group tends to target companies to ask for huge sums of money.

In addition, this group created a fake company that is registered on the server that Fin7 uses as a Command and Control Center. This bogus business has been used to recruit freelance vulnerability researchers, software developers, and interpreters through legitimate online job sites. It seems that some of the people who work in these fake companies did not suspect that they were involved in a cybercriminal business.
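From the defender's side, the delivery chain described above (VBS script, payload written to %temp%, execution through a scheduled task) can be hunted for in process-creation logs. The following is an added example, not taken from the original article or from any vendor report; the event fields assume logging similar to Sysmon Event ID 1, and all hosts, paths and task names are constructed.

```python
import re

# Constructed process-creation events (fields modelled on Sysmon Event ID 1).
# Hosts, paths and task names are invented for this example.
EVENTS = [
    {"host": "pos-01", "parent": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /create /tn "Updater" /sc minute /mo 5 /tr "C:\Users\amy\AppData\Local\Temp\upd.exe"'},
    {"host": "pos-02", "parent": r"C:\Windows\System32\cmd.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r"schtasks.exe /Create /TN Sync /SC ONLOGON /TR %TEMP%\sync.exe"},
    {"host": "hr-07", "parent": r"C:\Windows\System32\svchost.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /create /tn "Backup" /sc daily /tr "C:\Program Files\Backup\run.exe"'},
    {"host": "hr-07", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\schtasks.exe",
     "cmd": r'schtasks /query /tn "Backup"'},
]

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
# The /tr value is either a quoted string or a single unquoted token.
TR_RE = re.compile(r'/tr\s+(?:"([^"]+)"|(\S+))', re.IGNORECASE)
# Temp locations, either expanded or still written as an environment variable.
TEMP_RE = re.compile(r'(%temp%|%tmp%|\\appdata\\local\\temp\\|\\windows\\temp\\)', re.IGNORECASE)

def basename(path):
    return path.rsplit("\\", 1)[-1].lower()

def task_action(cmd):
    """Return the /tr target of a 'schtasks /create' command line, else None."""
    if not re.search(r'/create\b', cmd, re.IGNORECASE):
        return None
    m = TR_RE.search(cmd)
    return (m.group(1) or m.group(2)) if m else None

def score(event):
    """List the reasons an event matches the chain described in the article."""
    action = task_action(event["cmd"])
    if basename(event["image"]) != "schtasks.exe" or action is None:
        return []
    reasons = []
    if TEMP_RE.search(action):
        reasons.append("task runs a file from a temp directory")
    if basename(event["parent"]) in SCRIPT_HOSTS:
        reasons.append("task created by a script host")
    return reasons

def detect(events):
    """Return (host, reasons) for every event with at least one match."""
    return [(e["host"], r) for e in events if (r := score(e))]
```

An event that matches both reasons is the strongest signal; a temp-directory task on its own still deserves triage, because legitimate installers occasionally do the same.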
