
In late February 2017, FireEye identified this spear phishing campaign. Based on multiple shared tools, tactics, and procedures, FireEye has high confidence that the campaign is associated with the financially motivated threat group it tracks as FIN7.

FIN7 is a financially motivated intrusion set that selectively targets victims and uses spear phishing to distribute its malware. FireEye has observed FIN7 attempt to compromise a diverse range of organizations for malicious operations, usually involving the deployment of point-of-sale malware, primarily against the retail and hospitality industries.

Spear Phishing Campaign

All of the observed intended recipients of the spear phishing campaign appeared to be involved with SEC filings for their respective organizations; many of the recipients were even listed in their company’s SEC filings. The sender email address was spoofed to appear as EDGAR, and the attachment was named “Important_Changes_to_Form10_K.doc”.

Victims

Thus far, FireEye has directly identified 11 targeted organizations in the following sectors:

  • Financial services, with different victims having insurance, investment, card services, and loan focuses
  • Transportation
  • Retail
  • Education
  • IT services
  • Electronics

All of these organizations are based in the United States, and many have an international presence. As the SEC is a U.S. regulatory organization, we would expect recipients of these spear phishing attempts either to work for U.S.-based organizations or to be U.S.-based representatives of organizations located elsewhere. However, it is possible that the attackers could perform similar activity mimicking other regulatory organizations in other countries.

First International Cybermafia

John Miller, a director of threat intelligence at FireEye, described the attackers as among "the most sophisticated financial actors" and said their methods were similar to those of hackers who targeted ATMs and other parts of the banking system. He also warned that the hacking tools they sought to install were particularly insidious.

“It's the Swiss army knife of malware. It lets you do whatever you want to with the compromised system," Miller said. FIN7 is the first international cybermafia, a group of cybercriminals from Russia, Ukraine and other parts of Europe and China.
