  • FIN7 hackers are back with a new ransomware, Clop

    Microsoft has discovered that the group is working in collaboration with other dangerous threat actors.

    The famous cybercrime group FIN7, also known as Carbanak, ELBRUS and Sangria Tempest, has resumed its activities after a long break. In April 2023, Microsoft discovered that the group was using Clop to attack various organizations. This is the first ransomware distribution campaign since the end of 2021.

    According to Microsoft, the attackers use a PowerShell script called POWERTRASH to download the Lizar (aka DICELOADER or Tirion) post-exploitation tool and gain access to targeted networks. They then use OpenSSH and Impacket to navigate the network and deploy the Clop ransomware.

    FIN7 has been linked to other ransomware families such as Black Basta, DarkSide, REvil, and LockBit.

    FIN7 has been active since 2012 and specializes in stealing banking data and information from payment terminals. The group attacks a wide range of organizations from different industries, including software, consulting, financial services, medical equipment, cloud services, media, food processing, transportation and utilities.

    The group also employs unusual tactics, such as setting up fake cybersecurity companies - Combi Security and BastionSecure - to hire employees to carry out attacks and other operations.

    IBM Security X-Force reported last month that members of the now-defunct Conti group are using new malware called Domino, which is developed by a cybercrime cartel.

    The use of FIN7's POWERTRASH to deliver Lizar was also noted by WithSecure a few weeks ago in connection with attacks exploiting a serious vulnerability in Veeam Backup & Replication software (CVE-2023-27532) to gain initial access.

    The latest development suggests that FIN7 continues to rely on various families of ransomware to attack victims as part of its shift in monetization strategy from payment data theft to ransomware.

    In October 2021, FIN7 started using the RaaS (ransomware-as-a-service) model as it proved to be profitable for most hackers. Cybersecurity researchers at Mandiant have discovered that FIN7 has until recently been used to fund operations related to REvil, DarkSide, BlackMatter and BlackCat. But now the group intends to develop its own version of the ransomware.

    FIN7 is believed to have been behind the 2021 Colonial Pipeline attack, which led to fuel shortages in the eastern United States. Also, according to the FBI, FIN7 members are highly skilled hackers based in Russia.

    Author DeepWeb