Contact Contact Us

FIN7 Targeted at least 130 Organisations since Leader's Arrest in 2018

Cyber-criminal group FIN7 (aka Carbanak group) has remained active despite the arrest of alleged group leaders in August 2018 and is believed to have targeted at least 130 companies to steal credentials for unauthorised fund transfers. In recent campaigns, FIN7 continues to distribute spear phishing emails with a password-protected MS Word document containing macro. When activated, the macro fetches the Griffon malware, which is designed to receive modules from FIN7's C&C. Griffon can collect system information, take screenshots, maintain persistence and install Meterpreter for executing additional shellcode. FIN7 is known to work with other threat groups such as the AvaMaria botnet operators and EmpireMonkey group to target software and solution providers serving financial institutions. The group also set up a fake company disguised as a legitimate cybersecurity vendor to recruit unsuspecting freelance penetration testers for hacking targeted organisations.

[1] FIN7.5: The Infamous Cybercrime Rig "FIN7" Continues its Activities

Ensign InfoSecurity Singapore
30A Kallang Place
Singapore 339213

Tel: +65 6788 2882
Fax: +65 6788 3883