"FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks"

The financially motivated threat actor known as FIN8 has been delivering the BlackCat ransomware via a "revamped" version of the Sardonic backdoor. According to the Symantec Threat Hunter Team, the group is attempting to diversify its focus and maximize profits from infected entities with this effort. The attempted attack occurred in December 2022. FIN8 is being tracked by the cybersecurity firm called Syssphinx. Since at least 2016, the adversary has been associated with attacks against point-of-sale (PoS) systems using malware such as PUNCHTRACK and BADHATCH. After an absence of over a year, the group reappeared in March 2021 with an updated version of BADHATCH, followed by a new implant called Sardonic, which Bitdefender disclosed in August 2021. This article continues to discuss the FIN8 group's use of an updated version of the Sardonic backdoor to deliver the BlackCat ransomware.

THN reports "FIN8 Group Using Modified Sardonic Backdoor for BlackCat Ransomware Attacks"

Submitted by Anonymous on