FIN7

FIN7 is a criminal, financially motivated group which Mandiant has tracked since 2015 and which shows overlaps with the Carbanak Group.

The group has targeted over 100 organizations, initially focusing on stealing payment card data. Their operations subsequently extended beyond card data theft, including attacks on finance departments within victim organizations. In April 2017, they sent spear-phishing emails to personnel involved in United States Securities and Exchange Commission (SEC) filings, indicating an interest in material non-public information for potential stock trading advantage.

Their innovation and social engineering prowess have allowed them to impact diverse industries, including restaurants, travel, hospitality, education, casinos, gaming, construction, energy, retail, finance, telecommunications, high-tech, government, software, and business services.

Over time, their TTPs have evolved and more recent reporting has linked the group to ransomware intrusions.

www.mandiant.com

https://www.mandiant.com/resources/blog/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation

www.mandiant.com

https://www.mandiant.com/resources/blog/evolution-of-fin7

blogs.blackberry.com

https://blogs.blackberry.com/en/2024/04/fin7-targets-the-united-states-automotive-industry

www.mandiant.com

https://www.mandiant.com/resources/blog/mahalo-fin7-responding-to-new-tools-and-techniques

www.mandiant.com

https://www.mandiant.com/resources/blog/fin7-spear-phishing-campaign-targets-personnel-involved-sec-filings

www.mandiant.com

https://www.mandiant.com/resources/blog/fin7-phishing-lnk