X-Industry

fin7 (5)

FIN7 & Ex-Conti Gangs’ with Domino

11035554682?profile=RESIZE_400xA new strain of malware developed by threat actors likely affiliated with the FIN7 cybercrime group has been put to nefarious use by the now-defunct Conti ransomware gang members, indicating collaboration between the two crews.  The malware, named Domino, is primarily designed to facilitate follow-on exploitation of compromised systems, including delivering a lesser-known information stealer that has been advertised for sale on the dark web since December 2021.

Former TrickBot/Conti syndicate me

Criminal Cabal

10264545275?profile=RESIZE_400xThey say “Birds of a Feather, Flock Together.”  This holds true with criminal hackers.  Threat analysts have recently compiled a detailed technical report on FIN7 operations from late 2021 to early 2022, showing that the adversary continues to be very active, evolving, and trying new monetization methods.[1]

Link to full report: TR-22-095-002_Fin7.pdf

 

[1] https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/

Weekly Report - All Sector 11 12 2021

9795700079?profile=RESIZE_400xActivity Summary - Week Ending on 12 November 2021:

  • Red Sky Alliance identified 27,845 connections from new IP’s checking in with our Sinkholes
  • Analysts identified 3,224 new IP addresses participating in various Botnets
  • Sality remains the top Malware Variant at 24,282 Observation
  • Chaos Ransomware
  • Fake Ecommerce and Black Friday
  • Robinhood Hit (Again)
  • CISA 22-01
  • Ukraine & Gamaredon SSU Arrests
  • Pakistan and Russia
  • Cyber Attack US Federal Indictments
  • FIN7 still Kicking Around

 

 

Link to full repo

Weekly Cyber Intelligence Report: 09 10 2021

9553661087?profile=RESIZE_400xActivity Summary - Week Ending 10 September 2021:

  • Red Sky Alliance identified 47,398 connections from new unique IP addresses- Sinkholes
  • Analysts identified 1,034 new IP addresses participating in various Botnets
  • 4 unique email accounts compromised with Keyloggers were used to log into Personal Accounts
  • Sality Malware Variant seen 42252 times this past week
  • Hive Ransomware Alert
  • STRRAT RAT
  • FIN7 again
  • Microsoft and $20 billion in Cyber Security
  • South Korea and TrickBot Arrest
  • To SOAR, or to SIEM

Never Take Malware from Strangers

4758258495?profile=RESIZE_400xWe have all been told not to take candy from strangers. The FBI is warning not to take USB's from them either. The FBI has recently warned a new campaign is targeting businesses from the infamous Fin7, or Carbanak Group. Also known as the Navigator Group, the cybercriminals have been tied to more than $1 billion in fraud. The group has a history of infecting point-of-sale devices with malware and using them to steal payment card information.

Researchers at Trustwave SpiderLabs disclosed an attac