"FIN7 Threat Actors Add Ransomware to Their Arsenal"

FIN7, one of the world's most prolific cybercriminal gangs, has added ransomware to its arsenal. In 2014, the organization gained notoriety after stealing $1 billion from more than 100 companies globally. FIN7 is one of the most skilled Advanced Persistent Threat (APT) groups, according to security experts. The group's move into ransomware is concerning given the highly developed tactics and discipline it has shown over its multi-year history. According to Mandiant's research, FIN7-affiliated threat groups have been involved in ransomware operations such as REvil, DarkSide, BlackMatter, and ALPHV (BlackCat). The findings show an increase in data theft extortion or ransomware deployment that is closely linked to these attacks. FIN7 allegedly established a phony security firm called Bastion Secure in 2021. Under the guise of a legitimate company, the threat group hired researchers and tricked them into carrying out actual ransomware attacks. The software used in the breach of major fuel provider Colonial Pipeline is allegedly the work of FIN7. The attack was carried out by the ransomware group DarkSide, which is said to have direct ties to FIN7. Saks Fifth Avenue, Saks Off 5th, Lord & Taylor, Omni Hotels & Resorts, Trump Hotels, Jason's Deli, Whole Foods, and Chipotle are among its hundreds of victims. New findings indicate that FIN7 is speeding up its attacks and broadening its tactics and relationships with other ransomware actors. The group appears to be Russian-speaking, but no country has been identified as being tied to it. Researchers believe FIN7 has a well-funded research and testing division that helps it avoid detection by antivirus and scanners. According to Mandiant, the group has also adopted supply chain compromise in order to gain additional system access. FIN7 actors, for example, have remotely deployed the PowerPlant backdoor, which contains a wide range of malicious capabilities.
This article continues to discuss the history and recent activities of the FIN7 APT group.

Security Intelligence reports "FIN7 Threat Actors Add Ransomware to Their Arsenal"

Submitted by Anonymous on