
FIN7 Group Remains Active Despite Arrests

The FIN7 cybercriminal group's activities continued unabated despite the arrest of three prominent group members in August 2018. Between May and July 2018, the group was spotted using a new PHP administrative panel to push attack scripts to compromised computers. The attackers spread a previously unknown malware known as SQLRat, which automatically executes SQL injection commands on the host machine. SQLRat leaves no forensic traces as the script is deleted after execution. The panel also pushes a JavaScript backdoor known as DNSbot, which is used to exchange commands and push data to and from compromised machines. Since 2015, FIN7 has targeted businesses in the US, Europe and Australia to steal and sell payment card data.

[1] FIN7 Revisited: Inside Astra Panel and SQLRat Malware
