Geeks for your information
FIN7’s Liquor Lure Compromises Law Firm with Backdoor - Printable Version

+- Geeks for your information (https://www.geeks.fyi)
+-- Forum: News (https://www.geeks.fyi/forumdisplay.php?fid=105)
+--- Forum: Privacy & Security News (https://www.geeks.fyi/forumdisplay.php?fid=107)
+--- Thread: FIN7’s Liquor Lure Compromises Law Firm with Backdoor (/showthread.php?tid=15687)



FIN7’s Liquor Lure Compromises Law Firm with Backdoor - silversurfer - 24 July 21

Quote:Financial cybercrime gang FIN7 has rebounded after the jailing of some key members, launching a campaign that uses as a lure a legal complaint involving the liquor company that owns Jack Daniels whiskey. The gambit successfully compromised at least one law firm, giving them a shot of the JSSLoader remote-access trojan (RAT), researchers said.
 
According to eSentire’s Threat Response Unit (TRU), the successful breach for FIN7 (aka Carbanak Group or Navigator Group) was part of a wider, non-targeted email campaign. It purports to relate to a legal complaint centering around liquor giant Brown-Forman.
 
“One of the victims of the malicious legal complaint campaign was a law firm,” researchers said in a posting this week. “The lure successfully bypassed the law firm’s email filters, and it was not detected as suspicious by any of the firm’s employees.”
 
The ultimate purpose of installing the backdoor is unclear. FIN7 usually carries out targeted attacks on point-of-sale systems at casual-dining restaurants, casinos and hotels; or, it infiltrates systems to steal bank-card data and sell it. Since 2020, it has also added ransomware/data exfiltration attacks to its mix, carefully selecting targets according to revenue using the ZoomInfo service.
 
“It is plausible that proficient financial cybercrime groups, such as FIN7, are providing initial access to seasoned ransomware groups, such as REvil (aka Sodinokibi), Ryuk, etc. as a way to monetize their access,” according to TRU.

Read more: FIN7 Liquor Lure Compromises Law Firm with Backdoor | Threatpost