FIN7, a notorious group of cyber criminals known for disrupting businesses by infiltrating their payment systems, might have another operation to pull off.
Cybersecurity firm Mandiant recently found that the hackers in this group have transitioned to launching ransomware attacks on their victims.
FIN7 Hackers Move into Ransomware Operations
According to an initial report released by Mandiant on Monday, April 4, the hackers' tactics have changed in recent years. The cybersecurity company said that there has been an increase in ransomware attacks spearheaded by FIN7.
The researchers noted that the group has deployed several security threats such as BlackCat, Ryuk, and Maze.
Mandiant added that there was a huge change in the hackers' operations. Even so, they could also have links to previous ransomware attacks that took place in some parts of the world.
The researchers discovered that Bastion Secure also serves as FIN7's front for carrying out malicious operations. The experts considered this to be a "major indicator" of the group's transition to a different venture.
The FIN7 group was also allegedly the mastermind behind the controversial Colonial Pipeline attack. Mandiant said that these hackers were the ones who handled the software used by the DarkSide suspects.
How FIN7 Started its Operation
According to another report from Cyberscoop, FIN7 has been widely known for targeting financial corporations over the past years. The group first began its operations in 2014, when it managed to rob over $1 billion in funds from over 100 global firms.
At that time, the cybercriminals were deceiving a lot of people by pretending to be government officials. The system was indeed suspicious, since when a person clicked on it, malware would automatically be injected into the system.
However, FIN7 leaders were prosecuted by the US authorities last year. Denys Iarmak and Andrii Kolpakov were found guilty of leading the country-wide data breach that affected many US companies. The operation resulted in huge financial losses for the victims.
Mandiant wrote that the group had also disrupted a website by injecting malware installers into specific download links. The site was popular for selling different products.
FIN7 Linked to Malware-Spreading USB Drives
Earlier this year, Tech Times reported that the FBI warned people about widespread malware affecting USB flash drives. Later, the authorities found out that the hackers behind the incident were members of the FIN7 gang.
It should be noted that the FBI also said that the group was masquerading as the legitimate US Department of Health and Human Services. That's not all: it also pretended to be Amazon, tricking customers into installing ransomware.
The federal agency clarified that these operations have been ongoing since August 2021. For anyone who is unaware of this scenario, it's quite alarming that what you click on the internet might steal your financial or personal information.
This article is owned by Tech Times
Written by Joseph Henry