Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware
Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...
FIN7 Cybercrime Group Targeting U.S. Auto Industry with Carbanak Backdoor
The infamous cybercrime syndicate known as FIN7 has been linked to a spear-phishing campaign targeting the U.S. automotive industry to deliver a known backdoor called Carbanak aka Anunak. "FIN7 identified employees at the company who worked in the IT department and had higher levels of...
Backdoor.Win32 Carbanak (Anunak) MVID-2024-0667 Named Pipe NULL DACL
Discovery / credits: Malvuln John Page aka hyp3rlinx (c) 2024 | Original source: https://malvuln.com/advisory/b8e1e5b832e5947f41fd6ae6ef6d09a1.txt | Contact: [email protected] | Media: twitter.com/malvuln | Threat: Backdoor.Win32 Carbanak Anunak | Vulnerability: Named Pipe Null DACL | Family: Carbanak | Type:...
Carbanak Banking Malware Resurfaces with New Ransomware Tactics
The banking malware known as Carbanak has been observed being used in ransomware attacks with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group said in an analysis of ransomware attacks that took...
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks
The notorious cybercrime group known as FIN7 has been observed deploying Cl0p aka Clop ransomware, marking the threat actor's first ransomware campaign since late 2021. Microsoft, which detected the activity in April 2023, is tracking the financially motivated actor under its new taxonomy Sangria...
FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape
An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...
FIN7 Lures Unwitting Security Pros to Carry Out Ransomware Attacks
The financially motivated cybercrime gang behind the Carbanak backdoor malware, FIN7, has hit upon a genius idea for maximizing profit from ransomware: Hire real pen-testers to do some of their dirty work instead of striking partnerships with other criminals. According to a report from Gemini...
Tenacity 2.0 – Emulating Threat groups
Introduction: The previous article, Tenacity – An Adversary Emulation Tool for Persistence, walked us through the working of Tenacity, the techniques it supports, and how it can help organizations and individuals to validate the risk posture. As with the second installment of the series, this post wil...
FIN7 Hackers Using Windows 11 Themed Documents to Drop Javascript Backdoor
A recent wave of spear-phishing campaigns leveraged weaponized Windows 11 Alpha-themed Word documents with Visual Basic macros to drop malicious payloads, including a JavaScript implant, against a point-of-sale (PoS) service provider located in the U.S. The attacks, which are believed to have taken...
FIN7 Supervisor Gets 7-Year Jail Term for Stealing Millions of Credit Cards
A Ukrainian national and a mid-level supervisor of the hacking group known as FIN7 has been sentenced to seven years in prison for his role as a "pen tester" and perpetuating a criminal scheme that enabled the gang to compromise millions of customers' debit and credit cards. Andrii Kolpakov, 33,...
FIN7 Backdoor Masquerades as Ethical Hacking Tool
The notorious FIN7 cybercrime gang, a financially motivated group, is spreading a backdoor called Lizar under the guise of being a Windows pen-testing tool for ethical hackers. According to the BI.ZONE Cyber Threats Research Team, FIN7 is pretending to be a legitimate organization that hawks a...
Stopping Carbanak+FIN7: How Microsoft led in the MITRE Engenuity® ATT&CK® Evaluation
In MITRE Engenuity’s recent Carbanak+FIN7 ATT&CK Evaluation, Microsoft demonstrated that we can stop advanced, real-world attacks by threat actor groups with our industry-leading security capabilities. In this year’s evaluation, we engaged our unified Microsoft 365 Defender stack, with...
Cybersecurity Webinar: Understanding the 2020 MITRE ATT&CK Results
The release of MITRE Engenuity's Carbanak+Fin7 ATT&CK evaluations every year is a benchmark for the cybersecurity industry. The organization's tests measure how well security vendors can detect and respond to threats and offer an independent metric for customers and security leaders to understan...
MITRE Engenuity ATT&CK® Evaluation proves Microsoft Defender for Endpoint stops advanced attacks across platforms
For the third year in a row, Microsoft successfully demonstrated industry-leading defense capabilities in the independent MITRE Engenuity ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) Evaluations. As the attack surface evolves on a near-daily basis, threat actors are creating more...
FIN7 sysadmin behind “billions in damage” gets 10 years
In 2018, three high-ranking members of a sophisticated international cybercrime group operating out of Eastern Europe were arrested and taken into custody by US authorities. Ukrainian nationals Dmytro Fedorov, Fedir Hladyr, and Andrii Kolpakov were members of a prolific hacking group widely known...
The Storybook Approach to MITRE ATT&CK
Read this year’s MITRE Engenuity ATT&CK Evaluations story, which simulates techniques associated with notorious threat groups Carbanak and FIN7 to test solutions' ability to detect and stop APT & Targeted Attacks...
Carbanak and FIN7 Attack Techniques
What happens in Carbanak and FIN7 attacks? Here are some techniques used by these financially motivated threat groups that target banks, retail stores, and other establishments...
A week in security (October 21 – 27)
Last week on Malwarebytes Labs, we explored a link between Magecart Group 5 and the Carbanak APT, we discussed the growing rate of robocalls threatening user privacy, and we tipped you off on how to protect yourself from doxing. We were glad to see the BBC raise awareness about stalkerware, much...
Magecart 5 Linked to Carbanak Gang
Researchers have linked Magecart Group 5, the credit-card skimming cybercriminals behind the Ticketmaster breach, to Dridex phishing campaigns and the infamous Carbanak group. Magecart – which is an umbrella group encompassing several different affiliates all using the same modus operandi – injec...